Report a vulnerability
We acknowledge the importance of security researchers in helping keep our systems and our users safe. We encourage responsible disclosure of security vulnerabilities via our Vulnerability Reporting Policy.
Guidelines for reporting
When reporting a vulnerability, please consider the following guidelines:
Include as much information as possible, including what you did, what happened and what you think the potential impact may be. Include any tools used, including versions.
Provide reproducible steps
Clear instructions allow us to reproduce the issue and fix it more rapidly.
Report in a timely manner
Please report the vulnerability as soon as reasonably possible.
Do not exploit
Investigating vulnerabilities is fine, but don't use them to attack others, or to access, delete or modify others' data.
Do not disrupt
Our services and the wider Internet should not be disrupted in the course of your research.
How to report
If you believe you've found a security vulnerability, please send it to us by emailing email@example.com. Include the word 'SECURITY' in the subject line and we'll take the following steps:
Acknowledge your email within 48 hours
Investigate the issue and confirm the vulnerability
Address the vulnerability within a reasonable timescale
We take all reports of potential security vulnerabilities seriously and will respond swiftly to fix verifiable security issues. We do not offer monetary rewards for vulnerability reports, but we will provide a written acknowledgement of your efforts, if you're the first to report the issue.