Legal Cyberattack on Chiefs and NIKIN

60 ethical hackers attacked the IT systems of Chiefs and NIKIN, uncovering 36 security vulnerabilities—some of them critical.

by Sandro Nafzger, published on 30 May 2023, 5 min reading time

The companies Chiefs AG and NIKIN AG proactively allowed 60 ethical hackers to attack their IT systems. A total of 36 security vulnerabilities were identified—some of them critical. The reality check was organized by Bug Bounty Switzerland in collaboration with Cisco Switzerland.

How about a delicious protein bar—or perhaps a sustainably produced T-shirt? Almost everyone knows and loves them: Chiefs and NIKIN. These two Swiss lifestyle brands have long been setting new standards in their respective industries. Now, they’re going the extra mile when it comes to cybersecurity—becoming role models for the entire Swiss e-commerce sector.

From March 10 to 28, all IT systems of both companies were rigorously tested by 60 ethical hackers. This legal hacking operation, known as a “Reality Check,” aimed to proactively uncover hidden vulnerabilities.

Within a very short time, the companies were able to gain a realistic assessment of their exposure to risk and significantly improve their security posture.

After all, who better to reveal where you’re still vulnerable to malicious cyberattacks than a real hacker?

“Experiencing a legal hacking attack live is something I would truly recommend to any organization—nowhere else are your weaknesses and opportunities for improvement revealed so clearly and unfiltered!”

– Pascal Zeder, Chiefs

Five critical security vulnerabilities discovered

At first glance, both companies appeared to be very well protected. Both use modern and widely adopted e-commerce platforms with a high level of security maturity. As a result, during the initial weeks, the ten invited ethical hackers uncovered only twelve medium-severity vulnerabilities and one high-severity issue.

On the seventh day of testing, the situation was reviewed by our team—and something was done that is only possible in a bug bounty program: direct conversations were held with the ethical hackers, and the security test was optimized in real time during the active testing phase.

On the eighth and ninth day, the bug bounty program was significantly scaled, with the number of invited hackers increased to 60—virtually at the push of a button. Just one day later, a wave of highly critical security vulnerabilities began to surface.

Over the 18-day duration of the Reality Check, a total of 36 security vulnerabilities were discovered. In return, CHF 20,000 was paid out to the ethical hackers. Five of these vulnerabilities were classified as critical—they could have allowed full takeover of one of the tested shop or server systems, as well as access to customer data.

Because these vulnerabilities were discovered proactively as part of a Bug Bounty Reality Check, they could be remediated before being exploited by cybercriminals.

This powerfully demonstrates that almost any IT system—no matter how modern or well-protected—can be hacked when the right people, with the right skills and the right motivation, come together at the right time.

And it’s precisely this kind of unique matchmaking that Bug Bounty Switzerland enables through its bug bounty programs—effectively and impressively.

We’re proud of our vulnerabilities.

A flawless IT system without vulnerabilities no longer exists. The digital world has become far too complex and fast-paced. That’s why traditional security measures alone are no longer sufficient to effectively protect against cyberattacks.

In fact, there are only two ways to uncover security vulnerabilities you don’t yet know about:

  1. Either through criminal hackers in the form of malicious cyberattacks – which are often existential threats.
  2. Or proactively, through collaboration with ethical hackers—without causing any harm in the process.

But this requires an open mindset and the understanding that every vulnerability is an opportunity to improve. This cultural shift—toward transparency and a constructive approach to mistakes—is one of the key factors for a successful digital transformation.

In this context, IT security and customer trust (digital trust) are becoming increasingly important competitive advantages.

Chiefs and NIKIN are leading by example and clearly state: “We’re proud of our vulnerabilities—because they help us get better every day!”

“We were truly surprised by the technical sophistication of the hackers and by how much we were able to learn from them.”

– Nicolas Hänny, Co-Founder of NIKIN

Cybersecurity is a team sport.

Today’s cybersecurity challenges can only be tackled through collaboration. This requires a new kind of cooperation—not only within organizations, but far beyond their boundaries.

With this flagship project, Cisco Switzerland aims to highlight the importance of modern cybersecurity solutions and demonstrate the critical role of bug bounty programs.

To support this initiative, Cisco Switzerland covered the reward payouts for the ethical hackers, while Bug Bounty Switzerland provided its managed service and collaborative platform.

All in line with the motto: “Together for a secure Switzerland!”

“We on the good side need to level up as well. Together with ethical hackers, we can identify critical security vulnerabilities.”

– Roman Stefanov, Cyber Security Sales Lead at Cisco Switzerland

And how secure are your IT systems?
