FAQs

I contacted a customer via a forum or chat service that was intentionally created for customers and Hackers to talk, am I violating the Code of Conduct?

The Code of Conduct says "No Intellectual Property theft.” How does HackerOne enforce that?

I’m not sure I understand what Intellectual Property theft is or how that can happen on the platform. Could you provide some examples?

If I am collaborating with another Hacker, and I’m sharing vulnerability/report information in order to work together to identify and escalate vulnerabilities while testing, am I violating the Code of Conduct where it says “Do not disclose vulnerability i

My report has been labeled as Informative or N/A. Can I make the report information public, or do a write-up about it without checking in with the program?

I found a vulnerability that exposes Personally Identifiable Information (PII) or Personal Data, and I’m reporting the vulnerability to the customer, along with adding screenshots and other evidence about it. Am I in violation of the Code of Conduct guide

A Hacker is using abusive language, or engaging in other harassment, outside of the platform (e.g. social media, email, etc). Do you penalize Hackers for this?

I just found a data breach including customer data and credentials. Can I use those credentials to increase my scope and test for new vulnerabilities?

When I file a new report, I tell the Program how much money I want as reward for the vulnerability I’m reporting. Is that Ok?

I am collaborating with another Hacker, and we share report templates and bug information, but we don’t use the “collaboration” feature on HackerOne’s platform. Is this a violation of the Code of Conduct?

What is hate speech?