If you discover a security vulnerability on our website, or within any of our games, this page will give you the information you need to report it to us in the best way and put you in contact with members of our development team that can respond and react to your report.

Reporting a Security Vulnerability

Our players and the security research community can help us quickly repair security problems by directly reporting vulnerabilities. To report a security issue or vulnerability, please email security@ioi.dk with all relevant details.

We’ll triage any reported issues and keep you up to date about the progress towards a proper resolution. We kindly ask that you make every effort to avoid privacy violations, degradation of user experience, disruption to production systems, and destruction of data during security testing.

 

Scope

We appreciate reports of all security vulnerabilities, including but not limited to: Web security problems (e.g. cross-site scripting and SQL injection problems) as well as infrastructure security problems, and information disclosure issues.

Any IOI services available from the internet and any software developed by IO Interactive A/S is within scope. This includes our web applications, servers, and all of our games.

 

Bug Bounties

Unfortunately, it is not currently possible for us to offer a paid bug bounty programme.

 

Feedback

If you have any feedback or suggestions on this policy, please contact our security team at security@ioi.dk. This policy will evolve over time and your input will be valued.