Our next live hacking event is imminent!
The mystery organisation providing the targets will, as usual, be unmasked immediately before the competition begins – all will be revealed at 10am this Saturday (28 June) at the LeHACK conference in Paris.
What better way to build anticipation than resurfacing highlights from last year’s resoundingly successful live Bug Bounty? The YesWeHack customer that provided the scopes – L’Oréal – hardly needs an introduction. Websites, APIs and mobile apps belonging to the iconic cosmetics and personal care brand were strengthened by the remediation of 71 vulnerabilities uncovered during an 18-hour bug hunt at LeHACK 2024. More than 100 hunters took part in pursuit of bounty rewards rising to a maximum of €5,000.
Asked how L'Oréal had benefited from the event, Guillaume Kermarrec, in charge of the company’s Bug Bounty Program and threat and vulnerability management function, cited “meeting the security researchers, meeting the triage team, and working together to find and fix some complex vulnerabilities”. They also seized the opportunity to “test some new scopes with very specific configurations that couldn’t be added to our continuous program”.
To learn more about how the action unfolded, see the final podium and read feedback from participating hunters, check out our event recap. The targets for LeHACK 2023, by the way, were provided by the French Red Cross and retail distribution giant Les Mousquetaires Group.
In a separate video, also filmed at leHACK 2024, Guillaume Kermarrec and Jean-Jacques Mallet, group cybersecurity director at L’Oréal, discussed L'Oréal’s security culture, the motivations for starting a Bug Bounty Program with YesWeHack, the benefits observed so far, how the program has evolved, and their advice for maximising your return on investments in crowdsourced security.
Live hacking at LeHACK 2025
Any LeHACK attendees can join this year’s bug hunt at any point during proceedings.
The most obvious benefit of participating is the chance to win hundreds or thousands of euros for discovering valid vulnerabilities on the scopes. However, those who take part typically also enthuse about how much they value the opportunity to connect socially with their peers in the hacking community (as well as getting their hands on some exclusive YesWeHack swag!).
The bug hunt kicks off at 10am on 28 June. You can find the hunters, YesWeHack triage team and security team of the participating organisation in Le Loft at the Cité des Sciences et de l'Industrie, where LeHACK is taking place.
YesWeHack will also be fielding questions about our Bug Bounty and vulnerability management platform, as well has giving out exclusive merch with some fresh designs, from booth 41.
If you’re unable to attend the conference, then you can still follow proceedings on YesWeHack’s new Instagram account. We’re taking you backstage from today as everyone gets ready for day one of LeHACK tomorrow!
Louis Vuitton live Bug Bounty
If your appetite for in-person bug-hunting that is both competitive and collaborative is not sufficiently whetted, then you can also read about last year’s hacking event with Groupe Caisse des Dépôts (CDC), a French public financial institution, as well as watch highlights from our live Bug Bounty with iconic fashion house Louis Vuitton (this was YesWeHack’s second ‘Hack Me I'm Famous’ event)…
As well as one later in the year with Argentinian bank Banco Galicia…
And finally, another event with Italian sweet-packaged food giant Ferrero:
Every single customer associated with the aforementioned hacking events declared themselves pleased with the outcome in terms of the vulnerabilities discovered and the security lessons learned by collaborating with our hunters.
Find out more about how your organisation can benefit from holding live hacking events with YesWeHack or from running a continuous Bug Bounty Program, or contact our sales team to discuss how you can best leverage crowdsourced security testing to suit your testing goals and budgetary constraints.