Have you discovered a vulnerability in our systems? We’d love to hear about it. Your help allows us to prevent abuse and improve the security of our services.
More tips on online security
Good to know
Have you received a fake email, SMS, or letter (phishing)? Know how to recognise and report them:
How to report a vulnerability?
Rewards for reporting via HackerOne
Anyone can report a vulnerability, even if you're not a customer. Use our form on HackerOne to do so:
Report a vulnerability via HackerOne
We offer appropriate rewards through HackerOne if your report helps us fix vulnerabilities. Our reward structure is listed on the HackerOne page. Athora decides whether you qualify for a reward and the amount. No reward will be given if:
- Someone else has already reported the same (or a similar) vulnerability.
- The vulnerability is already known to us.
- There is abuse or violation of the rules.
Anonymous reporting
You can also report a vulnerability anonymously (in Dutch or English) by emailing us at:
ResponsibleDisclosure@athora.nl
Include sufficient information in your email to allows us to reproduce and verify the vulnerability, such as a specific URL, a step-by-step plan or a proof of concept. Please note that we will not be able to give you a reward if you report anonymously.
Rules
Athora Netherlands greatly appreciates your report, but we also believe it is important that all our customers can continue to use our online services safely and without disruption. Therefore, please follow the rules below, act in good faith, and avoid disproportionate actions.
-
Which vulnerabilities can you report?
-
Do not abuse
-
Social, physical and brute force testing are not allowed
-
Do not disturb other users or compromise their data
-
Do not cause damage
Have you accidentally violated any of these rules? For example, by causing a publication, a disruption, or other damage, please contact us immediately:
What we do with your report
Our security experts will investigate your report. We aim to send an initial substantive response within three working days.
Your privacy
We do not share your data with others, nor do we use it for any other purposes, unless we are legally obliged to do so, for example in response to a request from the judicial authorities.