Zynga Inc. is an American social game developer running social video game services.
Zynga invites you to test and help secure our publicly accessible web presence and games. We're highly interested in knowing about any vulnerabilities that may extend to any web-based property we own/control (online games, etc). We appreciate your efforts and hard work in making the internet more secure, and look forward to working with the researcher community to create a meaningful and successful bug bounty program. Good luck and happy hunting!
For the initial prioritization/rating of findings, this program will use theBugcrowd Vulnerability Rating Taxonomy. However, it is important to note that in some cases a vulnerability priority will be modified due to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed explanation will be provided to the researcher - along with the opportunity to appeal, and make a case for a higher priority.
This program only awards points for VRT based submissions.
Target name | Type
*.zynga.com | Website
*.zyngagames.com | Website
Zynga branded games - ioS | iOS
Zynga branded games - Android | Android
Zynga branded games - Windows | Other
Any domain/property of Zynga not listed in the targets section is out of scope. This includes any/all subdomains not listed above. If you believe you've identified a vulnerability on a system outside the scope, please reach out to firstname.lastname@example.org before submitting.
Researchers are free to self provision or utilize any existing accounts they own - DO NOT test against any accounts you do not expressly own. If/when registering for testing purposes, please do so using your @bugcrowdninja.com email address. For more info regarding @bugcrowdninja email addresses, see here.
No pre-provisioned accounts will be provided for this program.
This program follows Bugcrowd’s standard disclosure terms.
Contact us if you want more information.