No technology is perfect, and Athento believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. If you believe you’ve found a security issue in our product or service, we encourage you to notify us. We welcome working with you to resolve the issue promptly.
Current conditions apply to bugs reported from 6th May 2020.
While researching, we’d like to ask you to refrain from:
The following finding types are specifically excluded:
These are the rewards that we consider:
For any other small bug, security recommendations or bugs reported outside app4.athento.com, bugs that have a very low probability of materialization, the reward is 20€. Even in domains differents from app4.athento.com, reports may not qualify due to being deprecated or any other reason that the security team will explain. We encourage to ask first if you are going to focus in domains different to app4.athento.com.
Any report for a given URL and some of its variant will be considered as ONE report.
Rewards will be sent using PayPal to email account used in report. Please, return invoice to acc at athento.com.
Thank you for helping keep Athento and our users safe!
These are the bugs that others have reported previously:
We want to thank especially for their professional collaboration to:
Fahimul Kabir Lemon
Owais Ahmed Siddiqui