Chasing Bugs, Not Bounties
If you’ve read my earlier other bug bounty write-up, you already know how it all started — with me rushing to report something, even if it turned out to be invalid. It wasn’t about chasing bounties back then — I just wanted to contribute. If you haven’t read that blog yet, you can check it out here:
Digging Through Old Reports
After nearly two years since I submitted my very first (and invalid) report to the same company, I decided to revisit that moment. I searched “security” in my Gmail and, at the very end, found the report from 2022 — the one that read: “This is out of scope.” It brought back a wave of memories, and I’ve shared the screenshot below.
Team had marked my first report as invalid and out-of-scope — and honestly, that made sense. It was just…