Bug Bounty program.

Time to read: 2 minutes

Person looking at computer code on phone and laptop.

At a glance

Small illustration of magnifying glass

Through the Bug Bounty program, T-Mobile provides incentives to researchers who help us identify cybersecurity issues.

small icon shield checkmark

T-Mobile fixes security issues before cybercriminals can exploit them.

icon clipboard money

To participate in the Bug Bounty program, learn more about the program and submit a report.


Bugs, bounties, and T-Mobile security

T-Mobile, partnering with BugCrowd, launched a revamped public Bug Bounty program on August 30, 2023, to help make our products and services more secure.

The term “Bug Bounty” comes from bounty hunting. In this case, that means hunting for opportunities to improve T-Mobile’s cybersecurity. Through the Bug Bounty program, T-Mobile provides incentives to security researchers who responsibly find and disclose security issues. After that, T-Mobile eliminates the security gaps before attackers can take advantage of them.

Visit our BugCrowd resource page to learn about the digital assets you can help us improve.

icon protect yourself

Show us your cybersecurity skills

Submit a report

To participate in the Bug Bounty program, please submit a description of the security issue you’ve discovered, describe its business impact, show the proof-of-concept, and offer recommendations for fixing the issue. Get more details about the program and learn more about how to submit a report.

Contact Bug Bounty

For questions, please contact the Bug Bounty program at


The T-Mobile Bug Bounty program is an open program. However, contingent staff members, contractors, or vendor employees who are currently working with, or have worked in the past twelve (12) months with T-Mobile or a T-Mobile affiliate are excluded from participation. Minors may only participate with the consent of their legal representative. For additional eligibility information, please review the program brief.

What do we mean by responsible disclosure?

  • Security researchers find and report cybersecurity risks directly to T-Mobile’s Bug Bounty platform.
  • Security researchers give T-Mobile time to analyze and correct the issue.
  • Security researchers demonstrate ethical responsibility.
  • T-Mobile avoids harm from public exposure.
  • T-Mobile acknowledges security researchers and their findings.
  • T-Mobile fixes cybersecurity issues before bad actors can exploit them.
Bug Bounty icon

Check it out

Read our Q&A interview with BugCrowd founder and CTO, Casey Ellis.

Related links