Reporting Security Issues

We support the security research community and welcome reports of vulnerabilities in our systems. We do not prosecute people who discover and report vulnerabilities to us. Keeping customer data safe and secure is a huge responsibility and a top priority. We work hard to protect our customers from the latest threats. Your input and feedback on our security is always appreciated.

Reporting security problems & awards

We run a public bounty bug program through Federacy, and all vulnerabilities should be reported through our program page:


We respect the time and talent that drives new discoveries in web security technology. The following researchers and companies have gone out of their way to work with us to find, fix, and disclose security flaws safely:

  • Muhammad Hammad - recognized for reporting a cross site scripting vulnerability.
  • Ayaz - recognized for reporting Missing SPF.
  • allmight - Issues with sign-up rate limit and Google login.