Public Badoo bug reports.

Team Bounty Title
Badoo $280 CSRF Attack on (m.badoo.com)deleting account and erasing imported contacts
Badoo $140 Email Spoofing
Badoo $280 Leave inaccessible messaging system with a message (https://us1.badoo.com)
Badoo $260 Arbitrary modification value "session" (Cookie) in badoo.com
Badoo $140 Unvalidated redirect on team.badoo.com
Badoo $140 No rate-limit in SERVER_SECURITY_CHECK
Badoo $140 Change contents of the careers iframe in https://corp.badoo.com/jobs
Badoo $280 Получение оригинала скрытого изображения
Badoo $280 Ability to collect users' ids that have visited a specific web page with malicious code
Badoo - AWS S3 Bucket hotornot-images permissions allow for listing and removing files
Badoo - Badoo and Hotornot User Disclosure
Badoo $852 [CRITICAL] Full account takeover using CSRF
Badoo - Insecure Direct Object Reference on badoo.com
Badoo $850 Account Takeover
Badoo $427 Broken Authentication on Badoo
Badoo - Password modification without knowing actual password & httpOnly bypass
Badoo $153 Open redirect helps to steal Facebook access_token
Badoo $310 crossdomain.xml too permissive on eu1.badoo.com, us1.badoo.com, etc.
Badoo $456 Tokens from services like Facebook can be stolen