Achievements

I reported valid security vulnerability for the following companies. (Last Update September 9, 2017)


• 123 Contact Form — http://www.123contactform.com/security-acknowledgements.htm
• 4chan — https://hackerone.com/4chan/thanks
• ActiveCampaign — http://www.activecampaign.com/security/
• Adobe — http://helpx.adobe.com/security/acknowledgements.html
• Airbnb — https://www.airbnb.com/help/policies/responsible_disclosure#responsible_disclosure_policy
• Appcelerator — https://www.appcelerator.com/privacy/responsible-disclosure-of-security-vulnerabilities/
• Apple — http://support.apple.com/kb/HT1318
• Aha IO — http://aha.io/legal/security
• AndroidFreeApps — http://www.androidfreeapp.net/security-researcher-acknowledgments/ (May 2014)
• Apptentive — https://www.apptentive.com/contact/
• Appointlet — https://www.appointlet.com/
• Artsy — https://artsy.net/security
• Attack Secure — http://attack-secure.com/whitehat/
• Audiomack — http://www.audiomack.com/about
• Automattic — https://hackerone.com/automattic/thanks
• AVG Technologies — https://support.avg.com/support_contact_form?l=en_US
• AwardWallet — https://app.cobalt.io/awardwallet/awardwallet/hall-of-fame/all
• Barracuda Labs — https://barracudalabs.com/research-resources/bug-bounty-program/bug-bounty-hall-of-fame-2/
• Base CRM — https://getbase.com/security/
• Blackberry — http://ca.blackberry.com/business/enterprise-mobility/mobile-security/incident-response-team/collaborations.html (2014)
• Blackboard — https://bugcrowd.com/blackboard
• Blesta — http://www.blesta.com/responsible-disclosure/(CORE-931)
• Bidmail — http://www.bidmail.com/index.php/contact/
• Big Commerce — http://www.bigcommerce.com/about-us/
• BigParser — https://www.bigparser.com/security
• Birst — http://www.birst.com/security-reporting
• Bitcasa — https://support.bitcasa.com/hc/en-us/articles/202210658-How-To-Responsibly-Report-Security-Concerns
• Bitcurex — https://bitcurex.com/page/1485694-bezpieczenstwo
• Bitdefender — http://www.bitdefender.com/site/view/bug-bounty-hall-of-fame.html
• Braintree Payment Solutions — https://www.braintreepayments.com/developers/disclosure
• Brand and Sign — http://www.brandandsign.com/privacy/responsible-disclosure-policy/
• Box — https://www.box.com/about-us/security
• Bufferapp — https://bufferapp.com/security
• Bugcrowd — https://bugcrowd.com/bugcrowd/hall-of-fame
• Bugherd — http://bugherd.com/security
• Bugify — https://bugify.com/security
• Calameo — http://en.calameo.com/content/about_calameo-about-calameo.htm
• Calendar Budget — https://calendarbudget.com/support2/open.php
• Changetip — https://www.crowdcurity.com/changetip/hall-of-fame/all
• Cisco — http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html
• CKEditor — http://ckeditor.com/blog/CKEditor-4.4.6-Released (CKEditor 4.4.6 Critical Patch)
• Cloudflare — https://hackerone.com/cloudflare/thanks
• Cloudsmith — https://help.cloudsmith.io/docs/exploits-hall-of-fame
• Colupon — https://bugcrowd.com/c028
• Commando IO — https://commando.io/security.html#hall-of-fame-section
• Compilr — https://compilr.com/forum/security-thanks
• Comodo Dragon — http://www.comodo.com/contact-comodo/contact-us.php
• Coinbase — https://hackerone.com/coinbase/thanks
• Constant Contact — http://www.constantcontact.com/about-constant-contact/security/report-vulnerability.jsp
• Crowdcurity — https://www.crowdcurity.com/crowdcurity/hall-of-fame/all
• Crowdrise — http://www.crowdrise.com/UnitedRelief-ARC (Reward ($100) Donated to Typhoon Haiyan Victims in the Philippines [2013])
• Cozy — https://cozy.co/security-and-privacy/
• Dell Secureworks — http://www.secureworks.co.uk/contact/disclosure/
• Detectify — https://detectify.com/responsible_disclosure/hall_of_fame
• Deutsche Telekom — http://www.telekom.com/security/acknowledgements
• Digital Fire — http://digitalfire.com/services/contact.php
• Dropbox — https://www.dropbox.com/special_thanks
• Dropcam — https://www.dropcam.com/security
• DuckDuckGo — https://duck.co/feedback/bug/-
• Duke University — https://security.duke.edu/policies/responsible-disclosure
• Duo Security — https://www.duosecurity.com/security
• Ecstasy Data — http://www.ecstasydata.org/contact.php
• Edmodo — https://www.edmodo.com/contact
• Electronic Frontier Foundation — https://www.eff.org/security/hall-of-fame
• Email On Acid — http://www.emailonacid.com/contact/
• EMC Corporation — http://www.emc.com/contact-us/contact/product-security-response-center.htm
• ESET Nod32 (Russia) — https://club.esetnod32.ru/about/
• Europa (CERT-EU) — https://cert.europa.eu/cert/newsletter/en/latest_HallOfFame_.html
• File Pigeon — http://www.filepigeon.com/faq/
• Ford Motor Company (Fleet Department) — http://www.fleet.ford.com/contact-us/
• Form Assembly — http://www3.formassembly.com/blog/formassembly-vulnerability-and-security-reporting/
• FoxyCart — http://www.foxycart.com/security-contact/
• Freelancer — https://www.freelancer.com/about/security/hall-of-fame
• Friendster — http://www.friendster.com/contact_us
• Game Institute — https://www.gameinstitute.com/contact.php
• Gapminder — http://www.gapminder.org/about-gapminder/contact/
• Gemini — https://exchange.gemini.com/security
• Geonode — https://github.com/GeoNode/geonode/commit/f48b14e26894c21006c165beb62a9a13265dba0e
• GF Overflow — http://www.gfoverflow.com/contact.php
• GitBook — https://www.gitbook.com/security
• GitLab — https://about.gitlab.com/vulnerability-acknowledgements/ (2014)
• Gizmo Host — http://www.gizmohost.com/contact
• Gizmo Quip — http://gizmoquip.com/#contact
• Gli.PH — https://gli.ph/security.html
• Google — https://www.google.com/about/appsecurity/hall-of-fame (Q3 - 2014 Reward Receipient & Honorable Mention & Q3 - 2017 Reward Receipient)
• Guidebook — https://guidebook.com/security/
• Hackerearth — http://www.hackerearth.com/recruit/faq/
• HackForCause — http://hackforcause.com/hall-of-fame/
• Hackerone — https://hackerone.com/security/thanks
• Harvard University — http://about.worldmap.harvard.edu/sponsors
• Hipmunk — https://www.hipmunk.com/about
• Honeybadger — http://docs.honeybadger.io/article/181-security
• Hotgloo — http://www.hotgloo.com/security/hall-of-fame
• HTC — http://www.htc.com/us/terms/product-security/
• Huawei — http://www.huawei.com/en/security/psirt/report-vulnerabilities/index.htm
• Hubspot — https://bugcrowd.com/hubspot
• Hubdia — https://hackerone.com/hubdia/thanks
• Hunter I/O — https://blog.hunter.io/security-bounty-program/
• IBM Corporation — http://www-03.ibm.com/security/secure-engineering/report.html
• iBuildApp — http://ibuildapp.com/about-us/
• Icecoder — https://bugcrowd.com/icecoder/hall-of-fame
• iDevAffiliate — http://www.idevdirect.com/contact.php
• Intel — https://www-ssl.intel.com/content/www/us/en/forms/webmaster-contact-us.html
• Internetwache — https://en.internetwache.org/security/
• Juniper Networks — https://www.juniper.net/us/en/security/report-vulnerability/
• Kayako — https://my.kayako.com/Knowledgebase/Article/View/853/0/security-vulnerability-fix-and-patch-policy
• Khan Academy — https://hackerone.com/khanacademy/thanks
• Lavasoft — http://lavasoft.com/mylavasoft/company/about.php
• Lleida — http://www.lleida.net/en/company/about-us
• LG Developers — http://developer.lge.com/footer/footer/RetrieveContactInfo.dev
• LinkedIn — http://help.linkedin.com/app/safety/answers/detail/a_id/37022
• Logentries — https://logentries.com/doc/security/
• Joomlart — http://www.joomlart.com/joomlart/contact-us
• JotForm — http://www.jotform.com/about/
• Magix AG — http://research.magix.com/(May 2014)
• MailChimp — http://mailchimp.com/about/security-response/
• MailRU — https://hackerone.com/mailru/thanks
• Mastercoin Foundation — https://bugcrowd.com/mastercoin/hall-of-fame
• MaxCDN — http://www.maxcdn.com/company/security/
• Meldium — https://www.meldium.com/security
• Memberful — https://memberful.com/help/general/security/
• Metrodeal — http://www.metrodeal.com/about-us
• Microsoft — http://technet.microsoft.com/en-us/security/cc308575#0114 (January 2014 and July 2016)
• Moment.Me — http://www.moment.me/
• Motorola — http://www.motorolasolutions.com/US-EN/About/Security%20Vulnerability
• Movember — https://bugcrowd.com/movember/hall-of-fame
• My News Desk — http://www.mynewsdesk.com/about
• Narrative Science — https://bugcrowd.com/narrativescience
• National Cyber Security Center (Netherlands) — https://www.ncsc.nl/security
• Nitrous I/O — http://help.nitrous.io/admin-security-response/ (2014)
• Nucivic — http://nucivic.com/security/
• Oculus VR — https://www.oculusvr.com/bug-submission/
• oDesk — https://bugcrowd.com/odesk/hall-of-fame
• OpenDrive — https://www.opendrive.com/security
• OpenText — http://www.opentext.com/Who-We-Are/Copyright-Information/Security-Acknowledgements
• Oracle — http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/2367958.xml (April 2015)
• Pagerduty — http://www.pagerduty.com/security/disclosure/
• Panorama9 — http://www.panorama9.com/security
• Paysa — https://www.paysa.com/security/whitehat
• PayPal — https://www.paypal.com/webapps/mpp/security-tools/wall-of-fame-honorable-mention (Quarter 2 of 2014)
• Perfectcloud — https://www.perfectcloud.io/about.html
• PhpNuke — https://downloads.phpnuke.org/en/email/contact_us.htm
• Pwnie Express — https://www.pwnieexpress.com/contact-us/
• Quantopian — https://www.quantopian.com/security
• Quora — https://bugcrowd.com/quora/hall-of-fame
• Rackspace — http://www.rackspace.com/information/legal/rsdp
• Rainedout — http://www.rainedout.com/contact
• Rapid7 — https://www.rapid7.com/disclosure.jsp
• Rebelmouse — https://about.rebelmouse.com/company
• RelateIQ — https://hackerone.com/relateiq/thanks
• Ribose — https://www.ribose.com/security/hall_of_fame
• Rietta — http://rietta.com/contact/security/
• Risk I/O — https://www.risk.io/security
• Robocoin — https://hackerone.com/robocoin/thanks
• Samsung — https://samsungtvbounty.com/HallOfFame.aspx
• Search on Zippy — http://www.searchonzippy.com/contact
• Sellfy — https://sellfy.com/security/
• Senate (GOV) — https://www.senate.gov/general/content_responsibility.htm
• Shaukk — http://shaukk.com/developers.php
• Site Liner — http://www.siteliner.com/contact
• Silent Circle — https://bugcrowd.com/silentcircle
• Slack — https://hackerone.com/slack/thanks
• SmartQ — http://www.getsmartq.com/support.php
• Sony — https://secure.sony.net/hallofthanks
• Sophos — https://bugcrowd.com/sophos/hall-of-fame
• Sourceforge Japan — http://sourceforge.jp/docs/SourceForge.JP%E3%81%AE%E9%80%A3%E7%B5%A1%E5%85%88
• SoundCloud — http://help.soundcloud.com/customer/portal/articles/439715-responsible-disclosure
• Splitwise — http://blog.splitwise.com/about/responsible-disclosure-special-thanks/
• StarHub — http://www.starhub.com/personal/support/contact-us.html
• Survey Gizmo — http://surveygizmo.helpgizmo.com/help/contact-us
• Spectrocoin — https://www.crowdcurity.com/spectrocoin/hall-of-fame/all
• Spotify — https://www.spotify.com/us/bounty/
• Sprout Social — http://sproutsocial.com/responsible-disclosure-policy
• SSLMate — https://sslmate.com/security
• Steam — https://support.steampowered.com/index.php
• StoptheHacker — https://hackerone.com/stopthehacker/thanks
• Stripe — https://stripe.com/docs/security
• Strivewire — https://strivewire.com/security
• Student CRM - Data Harvesting U.K — http://www.student-crm.co.uk/about/security/
• Swipe Identity — https://bugcrowd.com/c030/hall-of-fame
• Tagged — http://safety.tagged.com/security/
• The Email Laundry — https://www.theemaillaundry.com/responsible-disclosure/
• Thumbr — http://www.thumbr.io/tos
• Trend Micro — http://esupport.trendmicro.com/en-us/business/pages/vulnerability-response.aspx#acknowledgement
• Tresorit — https://tresorit.com/hacking-challenge
• Tumblr — http://www.tumblr.com/security
• Twitch TV — http://www.twitch.tv/p/security
• Twilio — https://bugcrowd.com/twilio/hall-of-fame
• Twitter — https://about.twitter.com/company/security (2013, 2014 and 2016)
• Typo3 — https://typo3.org/projects/typo3org/responsible-disclosure/
• Uber — https://www.uber.com/security
• uShip — https://help.uship.com/hc/en-us
• United States Naval Academy — http://www.usna.edu/About/
• UK Secure Web Hosting — http://www.uksecurewebhosting.co.uk/contact.php
• US Unlocked — https://www.usunlocked.com/contact_us.php
• U.S Department of Defense — https://hackerone.com/deptofdefense/thanks
• Valve Software — http://www.valvesoftware.com/security/
• Veridu — https://veridu.com/wiki/Security_Procedures#Vulnerability_Reward_Program
• Via Forensics — https://viaforensics.com/company/contact/
• Visa Incorporation — http://www.visa.com/globalgateway/
• Vox Analytics — https://www.voxanalytics.com/contact
• Wattpad — https://support.wattpad.com/hc/en-us
• WePay — https://hackerone.com/wepay/thanks
• Western Union — https://bugcrowd.com/westernunion/hall-of-fame
• Wizehive — https://www.wizehive.com/security/
• Wordpress — http://codex.wordpress.org/Security_FAQ
• World Vision Philippines — http://worldvision.org.ph/contact-us
• WPEngine — http://wpengine.com/contact/
• Yahoo! — https://hackerone.com/yahoo/thanks
• Yamaha Club Philippines — https://www.yamahaclub.com.ph/contact/
• Yandex — http://company.yandex.com/security/hall-of-fame.xml (March 2014)
• Yesware — http://www.yesware.com/security/
• YiiFramework — http://www.yiiframework.com/security/
• Zendesk — http://www.zendesk.com/company/responsible-disclosure-policy
• Zynga — http://company.zynga.com/security/whitehats (2014)