Note: This article is for security researchers only. If you're a Dropbox user, and you feel that your account has been compromised or hacked, please contact Dropbox support
Our responsible disclosure policy promotes the discovery and reporting of security vulnerabilities. If you're a security researcher, and you think you've found a vulnerability with Dropbox, please follow the steps below.
- Potential security bugs and vulnerabilities should be reported to us on the third party service HackerOne.
- Note: If you're a Dropbox user, and you feel that your account has been compromised or hacked, please do not use the Hacker One service. Instead, please contact Dropbox support.
- Give us reasonable time to respond before making any information about the security issue public.
- Do not access or modify user data without permission of the account owner.
- Act in good faith not to degrade the performance of our services (including denial of service).
We will not sue you or ask law enforcement to investigate for activities that comply with these principles.
We're honored to spotlight people who contribute to the security of Dropbox, and recognize them on HackerOne.