Swisscom info and facts

Swisscom Customer Center passes hacker stress test

Berne, 15 December 2016

IT hackers from US start-up HackerOne spent six weeks attacking a copy of the Swisscom Customer Center. Weaknesses were identified in the process, most of which in non-critical areas. The stress test findings help Swisscom's security experts to deploy even more effective measures to protect the Customer Center.

98 IT security experts (known as white hat hackers) worldwide put the Swisscom Customer Center through its paces in an anonymised test instance. Real customer data was not exposed at any time. Around a fifth of the hackers made a hit, identifying a total of 48 weaknesses in the Customer Center. Swisscom rewarded the HackerOne experts on successfully revealing the security loopholes with so-called ‘bounties’. The individual amounts ranged from CHF 100 to 1,250, depending on the extent and gravity of the weak point and the documentation quality of the report. A total of around CHF 10,000 was paid out in bounties.

Weak points difficult to replicate

Commenting on the stress test findings, Michel Summermatter, Operations Manager of the Customer Center remarks: "None of the identified weak points represents a serious security risk on its own. However linking up security loopholes might potentially jeopardise data worthy of protection.” Swisscom security experts consolidated the weakness analyses over the past weeks and immediately initiated their elimination. Swisscom is confident that the crowd security approach, conducted in this case in cooperation with HackerOne, is a valuable step towards a safer digital world.

About HackerOne

Headquartered in San Francisco, HackerOne is specialised in tracking down IT security leaks. IT security experts worldwide work for HackerOne on a bug bounty (rewards for trawled loopholes) basis. Besides Swisscom, HackerOne's clients also include companies like Twitter, Yahoo and Airbnb. HackerOne is the first company to adopt the innovative approach of engaging the services of hackers worldwide to optimize IT security.