You found a security flaw? Tell us about it!
It is important for us at ZALORA , that our customers can feel safe and secure when shopping with us. If you believe you have discovered a potential security vulnerability on any of our Zalora domains, please help us fix it as quickly as possible by reporting your findings to us.
- If you have an account on Bugcrowd, request an invitation to our private bug-bounty program.
- Otherwise, e-mail your findings to email@example.com.
- When submitting a vulnerability, please provide a clear, concise description of steps to reproduce the vulnerability.
- Please provide full details of the security issue, including Proof-of-Concept, URL and the details of the system where the tests were conducted.
- Please provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party. Please note that, depending on the severity of the issue, it might take a few days for us to get back to you with feedback.
- Don't violate the privacy of other users, destroy data, disrupt our services, etc.
- Only target your own accounts in the process of investigating any bugs/findings. Don't target, attempt to access, or otherwise disrupt the accounts of other users.
- Don't target our physical security measures, or attempt to use social engineering, spam, distributed denial of service (DDOS) attacks, etc. In case you find a severe vulnerability that allows system access, you must not proceed further.
- Do not reveal the problem to others until it has been resolved.
Thank you for helping to keep Zalora and our users safe!