You found a security flaw? Tell us about it!
It is important for us at ZALORA, that our customers can feel safe and secure when shopping with us. If you believe you have discovered a potential security vulnerability on any of our Zalora domains, please help us fix it as quickly as possible by reporting your findings to us.
- If you have an account on Bugcrowd, request an invitation to our private bug-bounty program.
- Otherwise, e-mail your findings to firstname.lastname@example.org.
- When submitting a vulnerability, please provide a clear, concise description of steps to reproduce the vulnerability.
- Please provide full details of the security issue, including Proof-of-Concept, URL and the details of the system where the tests were conducted.
- Please provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party. Please note that, depending on the severity of the issue, it might take a few days for us to get back to you with feedback.
- Don't violate the privacy of other users, destroy data, disrupt our services, etc.
- Only target your own accounts in the process of investigating any bugs/findings. Don't target, attempt to access, or otherwise disrupt the accounts of other users.
- Don't target our physical security measures, or attempt to use social engineering, spam, distributed denial of service (DDOS) attacks, etc. In case you find a severe vulnerability that allows system access, you must not proceed further.
- Do not reveal the problem to others until it has been resolved.
Thank you for helping to keep Zalora and our users safe!