Responsible Vulnerability Disclosure

This page is intended for security researchers and other security professionals who have identified a vulnerability in Elisa's services and are willing to help us improve the security of our services by reporting the vulnerability to us using the form below.

Elisa's goal is to keep services safe and secure for everyone. The security of our customers' information is always our top priority. If you have found a vulnerability in Elisa's services, we appreciate your help if you tell us about it. Whenever you investigate vulnerabilities in our services, we expect you to always comply with the applicable law.

If you are a customer and have general questions about the security or use of our services, please contact us through this link.

We appreciate your taking the time to report any vulnerabilities you have detected. But please do it by following the instructions below.

Guidelines for Responsible Vulnerability Disclosure

  • We only allow active testing in accordance with the rules defined in the Bug Bounty Program, and for the services defined in the program.
  • Please report any vulnerability or suspected vulnerability you encountered as soon as possible and without undue delay.
  • Avoid violating people's privacy, disturbing our services, destroying or altering information and / or damaging our customer experience.
  • Communicate vulnerability information only through official communication channels.
  • We respect responsibility. Keep any information regarding detected vulnerabilities confidential.
  • If a vulnerability allows unintentional access to data: Limit the amount of information you access to the minimum required to prove the vulnerability (Proof-of-Concept, PoC). Stop testing if you encounter sensitive information.
  • If a user account is required to demonstrate the vulnerability, use only accounts that you own.
  • Do not attempt to perform denial-of-service attacks or social engineering attacks (e.g. phishing).

Rewarding

We reward vulnerabilities only through and according to the policy and scope of our Bug Bounty program. Join Elisa's Bug Bounty Program at: https://hackerone.com/elisa

How to report?

Please use the form below for reporting a vulnerability. When submitted, our security team analyses the reported vulnerability. We also ask that you provide us an email address where you can be reached if we need further information or otherwise need to contact you.

Report a vulnerability

Information on personal data management and data protection at Elisa: https://elisa.com/dataprotection