Security at Wink Reports
We make a promise to our users that we'll keep their data safe, and as such we value security best practices and welcome security researchers.
You can get in touch with us about any security concerns via security@winkreports.com.
Bug Bounties
We offer bounties to security researchers for responsible disclosure of vulnerabilities.
Before you start
- Contact us for authorisation before starting via security@winkreports.com
- Do not attempt non-technical attacks such as social engineering and phishing
Performing Your Research
- Only the domain
secure.winkreports.comis in scope - Do not impact other users with your testing
- The following are not allowed:
- Denial of service attacks
- Automated tools which produce excessive amounts of traffic
- Intentionally accessing others' personally identifiable information (PII). Limit queries to your own information
Reporting a Vulnerability
- Send your submission to us via email: security@winkreports.com
- Include written instructions for reproducing the vulnerability
- It may take time to investigate, confirm, and resolve the issue you have reported. We ask that you refrain from publicly disclosing details until a fix has been implemented
Collecting Your Reward
- Reward amounts are determined after investigation to determine severity
- Rewards will be paid via Paypal or bank deposit. Please do not ask for cryptocurrency
- Tell us if you would like to be listed on our Hall of Fame