
Reporting a Security Concern

If you have a concern about your order or Redbubble account, please visit our Customer Experience Team.

Security Researchers 

If you believe that you have found a general security vulnerability in the Redbubble website, please submit a description of the vulnerability and its impact, along with reproduction steps, to security@redbubble.com.

Responsible Disclosure Policy

The following guidelines apply when investigating and reporting security vulnerabilities to Redbubble:

  • Please give us enough time to investigate and resolve the vulnerabilities you report to us before making them public, or sharing details of a vulnerability with others.
  • In no circumstances should you:
    • exploit any security vulnerability you discover (this includes pivoting to demonstrate additional risk);
    • access or modify data from any other user without their permission (you may create new accounts to test against); or
    • do anything to negatively impact the experience of Redbubble users, such as interrupting our services or destroying data.

Valid Targets

The Redbubble website at www.redbubble.com and associated services.

Note that the following domains are hosted by third parties; vulnerabilities in them should be reported to the relevant service provider:

  • artplustech.com
  • email.redbubble.com
  • events.redbubble.com
  • feedback.redbubble.com
  • help.redbubble.com
  • horizon.redbubble.com
  • instagram.redbubble.com
  • iosbeta.redbubble.com
  • link.redbubble.com
  • shareholders.redbubble.com

What Are Some Examples of Valid Vulnerabilities?

  • Anything in the OWASP Top 10
  • Remote code execution
  • Authentication and authorization vulnerabilities

What Are Some Examples of Invalid Vulnerabilities?

  • Username enumeration
  • Social engineering
  • DoS/DDoS
  • Missing HttpOnly or Secure cookie flags, browser cache vulnerabilities
  • Output from automated tools without a proof of concept
  • Best practices. We don't accept submissions that are simply configuration/policy suggestions
  • Flaws specific to out-of-date browsers/plugins
  • Usability/UI issues

If you have any questions, or would like to submit a vulnerability to us for review, please email security@redbubble.com.
