I'm a security researcher, and I found a vulnerability with Dropbox. How do I report it?

Note: This article is for security researchers only. If you're a Dropbox user, and you feel that your account has been compromised or hacked, please contact Dropbox support.

Our responsible disclosure policy promotes the discovery and reporting of security vulnerabilities. If you're a security researcher, and you think you've found a vulnerability with Dropbox, please follow the steps below.

  1. Potential security bugs and vulnerabilities should be reported to us on the third party service HackerOne.
    • Note: If you're a Dropbox user, and you feel that your account has been compromised or hacked, please do not use the Hacker One service. Instead, please contact Dropbox support.
  2. Give us reasonable time to respond before making any information about the security issue public.
  3. Do not access or modify user data without permission of the account owner.
  4. Act in good faith not to degrade the performance of our services (including denial of service).

We will not sue you or ask law enforcement to investigate for activities that comply with these principles.

We're honored to spotlight people who contribute to the security of Dropbox, and recognize them on HackerOne.

Did this article answer your question?

We’re sorry to hear that. Let us know how we can improve:

Thanks for your feedback!

Community answers
    Community answers

      Other ways to get help

      Community

      Twitter support

      Guided help

      Other ways to get help

      Community

      Twitter support

      Guided help

      Other ways to get help

      Community

      Twitter support

      Contact support