We have deliberately excluded some types of potential security issues. See the "Program Scope" section below.
If during the investigation of the vulnerability you inadvertently violated the confidentiality or work of other people (for example, you gained access to account data, service configurations, or other confidential information), you must indicate this in your report.
When researching vulnerabilities, use test accounts. If you cannot reproduce the issue using a test account, use a real one (but not for automated testing). Do not interact with other accounts without the consent of their owners.
Please send your report to
[email protected]