Our team of dedicated security professionals works vigilantly to keep customer information secure. We recognize the important role that security researchers and our user community play in keeping PayPal and our customers secure. If you discover a site or product vulnerability please notify us using the guidelines below.
To encourage responsible disclosure, we commit that - if we conclude that a disclosure respects and meets all the guidelines outlined below - we will not bring a private action or refer a matter for public inquiry.
Guidelines for responsible disclosure
- Share the security issue with us before making it public on message boards, mailing lists, and other forums.
- Allow us reasonable time to respond to the issue before disclosing it publicly.
- Provide full details of the security issue.
Do not engage in security research that involves
- Potential or actual denial of service of PayPal applications and systems.
- Use of an exploit to view data without authorization, or corruption of data.
- Requests for direct compensation for the reporting of security issues either to PayPal, or through any external marketplace for vulnerabilities, whether black-market or otherwise.
Report security vulnerabilities to firstname.lastname@example.org.
Our PGP key for reporting can be found here.
Forward spoof and phishing emails to email@example.com.