|Scope Type||Scope Name|
|android_application||Android Deezer App|
|ios_application||iOS Deezer App|
Out of Scope
|Scope Type||Scope Name|
|undefined||All domains not listed in Scopes|
The Deezer platform provides an innovative music streaming service that has attracted millions of users worldwide. Deezer lets them instantly play the music they want to hear and guarantees high-quality sound, diversification and personalized music curation.
Deezer is committed to working with security experts across the world to stay up to date with the latest security techniques. If you have discovered a security issue that you believe we should know about, please let us know about it and we'll do our best to quickly correct the issue.
We take security issues seriously and we're big believers in protecting privacy and security. Our bug bounty programs has been put in place to give a tip of the hat to software security researchers.
To be eligible for a reward, note that we typically require the issue report to have some actual security impact in a realistic scenario. This does not mean you need to fully exploit issues. Providing the information you have will most of the time allow us to analyze your report and draw conclusions on the impact.
If your Deezer account is deactivated by our system because it detected a malicious attempt, please contact the Bounty Program manager to ask for its re-activation.
We are interested in hearing about critical security issues on the following scope. If you find a vulnerability on an unlisted domain or scope, create short vulnerability report before going to deeply into an analysis so that we can answer you about its validity and criticality.
If you report a vulnerability our teams are already aware of, we'll keep you updated about
Note that it can happen sometimes that our teams are already aware and working on a vulnerability before your reported it, we'll thank you for having reported it nevertheless in that case the report won't be eligible for a reward.
Currently, the scope of our bug bounty program is limited to certain vulnerabilities and scope. However, we are happy to thank everyone who submits a non-high-severity vulnerabilities through bonus points. Please note that Deezer will determine in its discretion whether a reward should be granted and the amount of the reward. But we aim to be fair.
Thank you for helping keep Deezer safe!
Any non-security related issue will not be eligible for a money reward. Bugs, wrong interface or API behavior, etc. should be sent to http://support.deezer.com/requests/new