ebanx terms & conditions

Responsible Security Vulnerability Disclosure Policy

May 28, 2024

Information security is taken very seriously at EBANX, which is why we are committed to adhering to industry best practices and regularly going through the process of internal and external audits to ensure we are able to protect ourselves, our traders, partners and customers from any risk.

EBANX also recognizes the positive impact that security research can have on our services and the important role that the security community plays. That's why we rely on an external bug bounty program. BugHunt is a program of this nature that allows researchers to report security flaws in EBANX and companies in its system.

Each vulnerability reported to the Cyber ​​Security team must be analyzed for validity and complexity, and a score is issued that reflects a reward.

If despite our efforts you believe you have found a security issue in our APIs, systems, plugins, SDKs, platforms and/or applications, please register at bughunt.com.br and provide details about the vulnerability found including necessary information for reproduction and validation, a Proof of Concept (POC), and any other information you deem necessary to reproduce or to explain the impact of the vulnerability.

Furthermore, we explicitly ask researchers to refrain from:

  • Anything that may degrade the availability of our services (e.g. denial of service attacks);

  • spamming;

  • Impersonation and other social engineering attacks (including phishing) against our employees, merchants, partners and/or customers;

  • Physical security attacks;

  • Violation of data privacy;

  • Modification of any data;

  • Publicly disclose a vulnerability before we have the opportunity to address the issue within a reasonable period of time;

  • Any lateral and post-exploration movement after initial exploration.


To report

Please register on the BugHunt platform and submit your report. By following the above guidelines, we undertake not to take legal action against you or seek the involvement of authorities.