White Hat Information
If you believe you have discovered a security vulnerability or exploit on EpikChat, we encourage you to let us know right away. We investigate all legitimate reports and do our best to fix confirmed issues as quickly as possible. Reports can be sent to support@epikchat.com.
Responsible Disclosure Policy
If you give us a reasonable amount of time to respond to your report before making any information public, and you make a good-faith effort to avoid privacy violations, data destruction, or interruption or degradation of our service during your research, we will not bring legal action against you or ask law enforcement to investigate you.
To show our appreciation for security researchers, we may offer opportunities to test new features before release and award unique badges to qualifying accounts. Monetary bounties are not available at this time.
We are interested in reports covering the following types of issues:
- WebSocket exploitation
- Cross-Site Scripting (XSS)
- Circumvention of platform, privacy, or permission models
- Remote Code Execution (RCE)
- Privilege escalation
- Chat data handling
- Broadcast streaming or viewing MITM attack vectors
We strongly encourage you to use a test account instead of your personal account when investigating bugs. Please include the username of any test account used in your report so we can identify your activity more easily and avoid mistaking your research for unsanctioned or malicious behavior.
If you are unable to reproduce an issue with a test account, you may use a real account, except for automated testing. Do not interact with other accounts without the consent of their owners.