If you've discovered a bug in our security, please send an email to firstname.lastname@example.org, optionally using our PGP key. We will investigate and get back to you with a personal response as quickly as possible.
Please use common sense when looking for bugs. We ask that vulnerabilities not be disclosed publicly until fixed. Never test accounts that are not your own. Do not run automated vulnerability scanners or brute-force attacks. We do not recognize denial of service, spam, social engineering, or third party application vulnerabilities.
Hall of fame
We respect the time and talent it takes to be a security researcher. A sincere thank you to the following people for working with us to make the internet a safer place: