Responsible Disclosure

We ask you:

  • Email your findings to security@intakt.com
  • Not exploiting the problem by, for example, downloading more data than necessary to demonstrate the leak or viewing, deleting or modifying third-party data,
  • Not sharing the problem with others until it is fixed and deleting all confidential data obtained through the leak immediately after the leak is fixed,
  • Not use physical security attacks, social engineering, distributed denial of service, spam or third-party applications, and
  • Provide sufficient information to reproduce the problem so that we can fix it as soon as possible. Usually the IP address or URL of the affected system and a description of the vulnerability is sufficient, but more may be required for more complex vulnerabilities.

What we pledge:

  • We will respond to your report within 3 days with our assessment of the report and an expected date for resolution,
  • If you have complied with the above conditions, we will not take any legal action against you regarding the report,
  • We will treat your report confidentially and will not share your personal information with third parties without your consent unless necessary to comply with a legal obligation. Reporting under a pseudonym is possible,
  • We will keep you informed of the progress in resolving the problem,
  • In notifying you of the reported problem, we will, if you wish, include your name as the discoverer, and
  • As a thank you for your help, we will offer a reward for each report of a security problem still unknown to us. We will determine the size of the reward based on the severity of the leak and the quality of the report with a minimum of a €50 voucher.

We aim to resolve all problems as soon as possible and we are happy to be involved in any publication about the problem after it is resolved.