During the development of a keyword research tool, Norfolk-based creative digital agency Candour unintentionally revealed some weaknesses within Google and unearthed some of its inner secrets, resulting in a big boost for the agency’s charity of the year, Brave Futures.
While working on Candour’s SaaS tool, AlsoAsked, the team were able to access a private Application Programming Interface (API) endpoint which provided them with specific names and values of metrics that Google uses to rank websites, giving unsolicited insight into how the search giant is operating.
For incidents like this, where researchers stumble across significant exploits within Google, you can receive cash rewards as part of Google’s Bug Bounty programme if you are able to demonstrate exploits and the use cases for these.
After reviewing the submission, Google rated the exploit as “high impact” with a “high probability” of being abused and subsequently rewarded $13,337 to the local agency – which will all be donated to the agency’s chosen charity, Brave Futures.
Mark Williams-Cook, Director at Candour says, “While the information the team uncovered was fascinating, reporting it was the right thing to do to protect users. We decided to donate the reward money to our charity of the year, Brave Futures – as if you can’t donate the money you weren’t expecting to have, what can you donate?”
The digital marketing agency is committed to making a positive contribution to the local community and pledges to work with a chosen charity partner each year to help them grow. Starting the year with a £10,000 donation already, Brave Futures was selected as Candour’s charity of the year for 2024. The organisation works as a specialist support service for children and young people who have experienced sexual abuse.