At ICQ, we take security seriously and our bug bounty program is one of the major parts of this. We will be glad to see you among bug hunters. You can send us reports in ???????? English or ???????? Russian.
Critical application security flaws from OWASP Top 10 __such as: Injections, Broken Authentication, Sensitive Data Exposure (e.g. private chat metadata), Broken Access Control (e.g. access to user chats and calls). Happy hacking!
We will not pay a reward (and we will be really upset) if we detect:
Please use your own accounts to conduct your research. Do not try to gain access to others ' accounts or any confidential information.
Vulnerability must be disclosed only with accordance with HackerOne disclosure
Request for vulnerability disclosure must be filed via HackerOne report interface.
No vulnerability disclosure, including partial is allowed before vulnerability is disclosed on HackerOne.
If any sensitive information including (but not limited to) infrastructure and implementation details, internal documentation procedures and interfaces, source code, user and employees data accidentally obtained during vulnerability research or demonstration must not be disclosed. Intentional access to this information is strongly prohibited.
Contact us if you want more information.