Facebook, Google, Paypal, Mozilla, Barracuda Networks and more other giving away bug bounties in thousands of dollars to hackers for finding vulnerabilities. Most common vulnerabilities reported maximum time on various sites is Cross site scripting and each month hackers submit lots of such vulnerabilities to companies. There is no proof or an open Panel where hacker can verify that is someone already reported for same bug before or not. Paypal being the largest eCommerce business offer’s Bounty to its security researcher’s for reporting the vulnerabilities discovered and keeping it confidential.
Source: https://thehackernews.com/2012/11/paypal-bug-bounty-program-playing-fair.html