To report a security issue, please email firstname.lastname@example.org. This will page an on-call security team member immediately.
If possible, use our PGP key. The fingerprint is
3216 3264 8943 CD5D ED85 C894 7065 2BA9 A317 F933.
There are some false positives that you might run into:
- Apparent brute force attacks against our login endpoint are usually not meaningful as we use mitigation methods that are not visible to the majority of clients.
- Minutiae about autocomplete, field masking, charsets, etc. is typically not useful.
Researcher Hall of Fame
Cupcake would like to thank these security researchers for reporting issues: