Skip to main content Skip to footer
Contact us
YOUR PROTECTION

Bug Bounty program.

Time to read: 2 minutes

Person looking at computer code on phone and laptop.

At a glance

small icon magnifying glass

Through the Bug Bounty program, T-Mobile provides incentives to researchers who help us identify cybersecurity issues.

small icon shield checkmark

T-Mobile fixes security issues before cybercriminals can exploit them.

icon clipboard money

To participate in the Bug Bounty program, learn more about the program and submit a report.

 

Bugs, bounties, and T-Mobile security

T-Mobile, partnering with BugCrowd, launched a revamped public Bug Bounty program on August 30, 2023, to help make our products and services more secure.

The term “Bug Bounty” comes from bounty hunting. In this case, that means hunting for opportunities to improve T-Mobile’s cybersecurity. Through the Bug Bounty program, T-Mobile provides incentives to security researchers who responsibly find and disclose security issues. After that, T-Mobile eliminates the security gaps before attackers can take advantage of them.

Visit our BugCrowd resource page to learn about the digital assets you can help us improve.

Explore more
icon protect yourself

Show us your cybersecurity skills

Submit a report

To participate in the Bug Bounty program, please submit a description of the security issue you’ve discovered, describe its business impact, show the proof-of-concept, and offer recommendations for fixing the issue. Get more details about the program and learn more about how to submit a report.

Get started

Contact Bug Bounty

For questions, please contact the Bug Bounty program at bug-bounty@t-mobile.com.

Eligibility

The T-Mobile Bug Bounty program is an open program. However, contingent staff members, contractors, or vendor employees who are currently working with, or have worked in the past twelve (12) months with T-Mobile or a T-Mobile affiliate are excluded from participation. Minors may only participate with the consent of their legal representative. For additional eligibility information, please review the program brief.

What do we mean by responsible disclosure?

  • Security researchers find and report cybersecurity risks directly to T-Mobile’s Bug Bounty platform.
  • Security researchers give T-Mobile time to analyze and correct the issue.
  • Security researchers demonstrate ethical responsibility.
  • T-Mobile avoids harm from public exposure.
  • T-Mobile acknowledges security researchers and their findings.
  • T-Mobile fixes cybersecurity issues before bad actors can exploit them.
Bug Bounty icon

Check it out

Read our Q&A interview with BugCrowd founder and CTO, Casey Ellis.

Visit our newsroom

Related links

  • A couple looking at phone together.

    Your privacy around the web YOUR PROTECTION

    Take control of your privacy on websites outside of T-Mobile.

    Read article
  • A person setting their Do Not Sell or Share My Personal Information preferences on their phone and laptop.

    Do Not Sell or Share My Personal Information YOUR DATA

    You have the option to tell us to not sell or share your information. Here’s how that works.

    Read article
  • A person entering their credit card information on their phone.

    Online safety and cybersecurity YOUR PROTECTION

    Find more ways to protect yourself and your family from online fraud, theft, and spam.

    Read article