Report a vulnerability

We acknowledge the importance of security researchers in helping keep our systems and our users safe. We encourage responsible disclosure of security vulnerabilities via our Vulnerability Reporting Policy.

Guidelines for reporting

When reporting a vulnerability, please consider the following guidelines:

  • Provide details: Include as much information as possible, including what you did, what happened and what you think the potential impact may be. Include any tools used, including versions.

  • Provide reproducible steps: Clear instructions allow us to reproduce the issue and fix it more rapidly.

  • Report in a timely manner: Please report the vulnerability as soon as reasonably possible.

  • Do not exploit: Investigating vulnerabilities is fine, but don't use them to attack others, or to access, delete or modify others' data.

  • Do not disrupt: Our services and the wider Internet should not be disrupted in the course of your research.

How to report

If you believe you've found a security vulnerability, please send it to us by emailing or submitting a ticket on our website. Include the word 'SECURITY' in the subject line, and we'll take the following steps:

  1. Acknowledge your email within 48 hours

  2. Investigate the issue and confirm the vulnerability

  3. Address the vulnerability within a reasonable timescale

Our commitment

We take all reports of potential security vulnerabilities seriously and will respond swiftly to fix verifiable security issues. We do not offer monetary rewards for vulnerability reports, but we will provide a written acknowledgement of your efforts, if you're the first to report the issue.

Was this helpful?