
My First Bug Bounty Attempt & What I got for it

It definitely wasn’t a program, and I would have enjoyed writing for them but I really wanted to help, and I did.

By Sam Writes Security. Published 3 years ago. 5 min read.

Image: author screenshot of the Deezer official website, https://www.deezer.com/features

Have you ever heard of Deezer? In my opinion it is the best Spotify alternative, especially because when I started using Deezer, Spotify wasn’t available in my country and still isn’t. Deezer is an online music streaming service, the first I’ve ever used, and I pretty much enjoyed my experience. Online streaming with Deezer is free, with access to over 56 million tracks on their platform. For more features one needs a paid plan, though.

Deezer allows you to listen to music and explore some of its paid features for 15 days free of charge (on mobile). When, and if, you choose a paid plan, you get 30 additional days of premium features. This includes creating playlists and saving songs so you can listen offline, which is one of my favorite features. I enjoy downloading a bunch of songs and listening offline just like I would on my default music app on my mobile phone.

I Tried, But Reaching Them wasn’t Easy

I shared a message with one of Deezer’s representatives; unfortunately, I never got a response. But that wasn’t a problem, and I wasn’t going to give up because of that. As mentioned before, there was no bounty, nor was there a promise, but the thought that some people could exploit the app because of a flaw wasn’t satisfying at all for me, not if I could do a thing or two.

That’s how much I enjoyed using the app. As a result, I sent a message to another representative, this time a Talent Acquisition Specialist. This was done two days after the first message. The second person I reached out to accepted my connection request on LinkedIn, which made it easier for me to message, because most of the people who showed up as employees were too distant of a connection for me to reach.

If you use LinkedIn you probably understand this. If you don’t, let’s just say you can’t just connect with anyone if there is no relation between two profiles. It’s easier to connect with someone who has a mutual connection than with someone you’ve never even shared a post with, one way to prevent spam, I believe. LinkedIn premium has fewer limitations, though; this happens more often for regular accounts.

Persistence

Well, the second representative didn’t give me the time of day either. I was getting tired of the silence; I was getting no attention at all. I tried them on Facebook. “Lucky me,” I thought, but the representative thought I was having problems with the app. Which was true, but see, I knew my way around very well already, so much that I found a way to use every song I had offline on different accounts, which was a huge problem; at least that’s how I saw it.

Imagine being able to access the same data on Facebook on various accounts. So, I decided that the Facebook representative wasn’t going to be much help. I thanked them for their time and called it a day.

I Found My Answer | The Beta Program

Beta programs are usually a solution for Software Developers and whatever companies behind them or the apps. Users get to test updates before they actually go public and the Developers get to make changes and sometimes fix bugs which is always a solution. Within this program users also get to share their views on the apps, and suggestions where necessary.

So, instead of paying people to test these apps which could sometimes cost a lot, volunteers get to test different apps for free. In some cases you may get rewards and discounts where applied but usually it is just for the love of the game. I wouldn’t mind testing a medium update every now and then would you?

If you’re wondering whether or not I joined the program, well I didn’t.

But, I figured the email the company provides for this type of thing was ideal. I sent them a message sharing exactly what I managed to do.

The usual: Every new user, paid and free, can listen to music on Deezer for as long as they’re connected to the internet. One of the benefits of a paid plan is the option of saving and downloading music for offline use as well. New users get to test some of the paid benefits (this includes playlists and saving music for offline streaming) for 15 days; those who choose a paid plan and provide payment details get 30 additional days for free. At least this is how it was when all this took place. I cannot guarantee things are still this way 7 months after, but this isn’t part of the problem.

The bad: I managed to switch accounts. Initially the previously downloaded songs didn’t show on the other accounts, but as I searched for songs I’d listen to frequently, I realized that I didn’t have to download them again because these were already saved. After all, I still had all the data on my device. I only switched accounts and basically made all my favorite songs available again in every Deezer account (3 in total). The benefits would be 15 days of free trial and 30 more after submitting my payment details, in total 45 more days of free music. With this as an option, some would never go for a paid plan.
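The flaw class described above, downloads that stay usable on the device after an account switch, can be modeled in a few lines. This is an added example, not part of the original post and not Deezer's code; `OfflineStore`, `Account` and all method names are hypothetical, and the track data is constructed.

```python
from dataclasses import dataclass, field


@dataclass
class Account:
    account_id: str
    offline_entitled: bool  # True while a trial or paid plan grants offline playback


@dataclass
class OfflineStore:
    """Hypothetical on-device download cache (illustrative model only)."""
    blobs: dict = field(default_factory=dict)   # track_id -> audio bytes
    owners: dict = field(default_factory=dict)  # track_id -> set of account ids

    def download(self, account: Account, track_id: str, data: bytes) -> None:
        if not account.offline_entitled:
            raise PermissionError("offline downloads need a trial or paid plan")
        self.blobs[track_id] = data
        self.owners.setdefault(track_id, set()).add(account.account_id)

    def play_device_scoped(self, account: Account, track_id: str):
        # Flawed lookup: anything already on the device plays for whoever
        # is signed in, so downloads follow the device, not the account.
        return self.blobs.get(track_id)

    def play_account_scoped(self, account: Account, track_id: str):
        # Hardened lookup: the signed-in account must currently be entitled
        # AND must be the account that downloaded this track.
        if not account.offline_entitled:
            return None
        if account.account_id not in self.owners.get(track_id, set()):
            return None
        return self.blobs.get(track_id)


def demo():
    store = OfflineStore()
    first = Account("acct-a", offline_entitled=True)   # constructed accounts
    second = Account("acct-b", offline_entitled=True)  # fresh trial, no downloads
    store.download(first, "track-1", b"constructed-audio")
    leaked = store.play_device_scoped(second, "track-1")
    blocked = store.play_account_scoped(second, "track-1")
    return leaked, blocked


if __name__ == "__main__":
    print(demo())
```

A client would also want to re-check entitlement against the server when it comes back online, since a purely local flag can go stale.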

The support team replied to my ticket in 48 hours. It took at least a week to get the bug fixed, as I kept on checking. When that happened, I received an email from Deezer thanking me for the help, suggesting that I join the beta program, and offering a full month of the paid plan on them, which was made effective on the following day. I never joined the beta; I am happy with this program.

This was originally published on Medium https://samwritessecurity.medium.com/my-first-bug-bounty-attempt-what-i-got-for-it-dc057d04e62b
