Our Company's Bug Bounty Program

Welcome to the AccountKings Bug Bounty Program. We value the contributions of the global cybersecurity community and recognize the importance of incentivizing security research to enhance our digital infrastructure's safety. We urge security enthusiasts, ethical hackers, and researchers to help us identify vulnerabilities in our products and systems.

Program Rules

Before you report a bug, please review these rules:
Respect privacy: Only test for vulnerabilities in systems you have permission to access.
Avoid disruption: Do not engage in activities that may degrade our services or inconvenience our users.
Maintain confidentiality: Do not disclose the bug or vulnerability to the public or third parties before we have resolved it.
Report promptly: If you discover a vulnerability, please report it to us as soon as possible.


Our bug bounty program covers the following domains and applications:
Any services hosted on subdomains of these sites are also in scope.

Out of Scope

Our third-party vendors, recently acquired companies, and any other assets not explicitly stated in the scope list are excluded from the program. As well as:

- Rate limiting or brute force issues on non-authentication endpoints
- Software version disclosure
- Clickjacking on pages with no sensitive actions
- Unconfirmed reports from automated vulnerability scanners

Reporting a Bug

To report a vulnerability, please send an email to [email protected]. Reports should follow standard professional outlines containing executive summaries, reproduction, examples, thorough explanations, and suggested resolutions, at minimum, one report per bug or per related set of bugs. Please also include any plans you have for potential public disclosure, including the expected timeline and location of such disclosure.


The rewards vary depending on the severity of the vulnerability and the quality of the report. We use a system based on the CVSS (Common Vulnerability Scoring System) to determine the severity of the vulnerabilities. In general, the impact assessment is based on the attack's potential for causing privacy violations, financial loss, and other user harm, as well as the size of the user base at risk.

Here Is Our Reward Structure:
- Critical (9.8 - 10.0): Up to $600
- High (7.0 - 9.7): $60 - $200
- Medium (4.0 - 6.9): $35 - $60
- Low (0.1 - 3.9): $15 - $35
- UI Related Bugs (of any nature): Up to $15
Please note that these are general guidelines, and reward decisions are up to the discretion of Our Company's Bug Bounty Review Team.


By participating in Our Company's Bug Bounty Program, you agree to comply with all applicable laws and regulations. You also agree not to engage in any destructive or disruptive testing or any activity that could harm Our Company or its users.
In the event of any legal action arising from your activities, you agree to indemnify and hold harmless Our Company. If you comply with this policy and submit a bug report in good faith, we will not pursue any legal action against you concerning your report.


We're always trying to improve our bug bounty program. If you have any suggestions or questions, please don't hesitate to get in touch. Thank you for helping make AccountKings and the internet a safer place!