We support the security research community and welcome reports of vulnerabilities in our systems. We do not prosecute people who discover and report vulnerabilities to us. Keeping customer data safe and secure is a huge responsibility and a top priority. We work hard to protect our customers from the latest threats. Your input and feedback on our security is always appreciated.
We run a public bounty bug program through Federacy, and all vulnerabilities should be report through our program page: https://www.federacy.com/knowyourteam.
We respect the time and talent that drives new discoveries in web security technology. The following researchers and companies have gone out of their way to work with us to find, fix, and disclose security flaws safely: