Request edit access
Eightfold Bug Bounty
Rules for you
- Don’t attempt to gain access to user’s account or data.
- Don’t perform any attack that could harm the reliability/integrity of our services or data. DDoS/spam attacks are not allowed.
- Don’t publicly disclose a bug before it has been fixed.
- Do not impact other users with your testing.
- Don’t use scanners or automated tools to find vulnerabilities.
- Never attempt non-technical attacks such as social engineering, phishing, or physical attacks against our employees, users, or infrastructure.

Rules for us
We will respond as quickly as possible to your submission.
We will keep you updated as we work to fix the bug you submitted.
We will not take legal action against you if you play by the rules.

How are bounty payments made?
All bounties are currently paid via PayPal.

How is the bounty reward determined?
Rewards range from $25 - $5000. Our security and development teams take many factors into account when determining a reward. These factors include the complexity of successfully exploiting the vulnerability, the potential exposure, as well as the percentage of impacted users and systems. Sometimes an otherwise critical vulnerability has a very low impact simply because it is mitigated by some other component, e.g. requires user interaction, an obscure web browser, or would need to be combined with another vulnerability that does not currently exist.

I reported a vulnerability but have not received a response!
Please allow up to 24 hours for an initial response. Also realize that spam filters and email in general can sometimes be problematic. If you ever feel we are not communicating in a timely fashion, definitely let us know.

Email address *
Short description of the vulnerability *
Detailed steps to reproduce the vulnerability (if we cannot reproduce it, you will not be eligible for bounty reward) *
Never submit passwords through Google Forms.
This form was created inside of