Security & Vulnerability Report

We appreciate the efforts of security researchers and provide secure means for disclosing security vulnerabilities responsibly.


The primary reward for reporting qualifying vulnerabilities is your name on our Security Researcher Hall of Fame page.
Additional rewards are at our discretion for distinctly creative or severe bugs.

How do I report a vulnerability?

Please contact our Security Team at: (PGP Key on the bottom end).
Please include any of the following when reporting:
  • Proof of concept
  • Tools used to find/exploit the vulnerability
  • Tool output

Our Rules

  • No unauthorized access of another individual’s account or data.
  • No attacks that could affect the reliability / integrity of our services or data.
  • Please respect responsible disclosure – we will fix all valid issues as soon as we are able.
  • Only test for vulnerabilities on a domain owned by Firstbird. Some sites hosted on subdomains are operated by third parties should not be tested.
  • Never attempt non-technical attacks such as social engineering, phishing, or physical attacks against our employees, users, or infrastructure.
Please Note…
If sending your report via a video, please ensure that it isn’t hosted on a public platform such as YouTube.
We do not accept bugs that have already been submitted by another user, or that we are already aware of.
Vulnerabilities that Firstbird determines to be an accepted risk will not be eligible for acceptance.
If we validate and accept your report as being non-trivial, valid and not yet reported, we will add you to our Hall of Fame

Secure Communications

The following PGP key can be used for sensitive information:

Worauf warten Sie noch? Starten Sie jetzt!

Keine Kreditkarte erforderlich. Ein Upgrade ist jederzeit möglich.

Wir stellen Ihnen Firstbird vor

Erfahren Sie in unserem Live-Webinar, wie Sie erfolgreich starten