At Myntra, we take the security of our systems seriously, and it is our constant endeavor to make our website a safe place for our customers to browse. However, in the rare case when some security researcher or member of the general public identifies a vulnerability in our systems, and responsibly shares the details of it with us, we appreciate their contribution, work closely with them to address such issues with urgency, and if they want, publicly acknowledge their contribution.
If you happen to have identified a vulnerability on any of our web properties, we request you to follow the steps outlined below:
Please contact us immediately by sending an email to firstname.lastname@example.org with the necessary details to recreate the vulnerability scenario. This may include screenshots, videos or simple text instructions.
If possible, share with us your contact details (email, phone number), so that our security team can reach out to you if further inputs are needed to identify or close the problem.
If you intend to make the information public for educational or other such needs, please give us reasonable time to appropriately fix the problem before making such information public. Our security team will work with you to estimate and commit to such time frame.
If the identified vulnerability can be used to potentially extract information of our customers or systems, or impair our systems' ability to function normally, then please refrain from actually exploiting such a vulnerability. This is absolutely necessary for us to consider your disclosure a responsible one. While we appreciate the inputs of Whitehat hackers, we may take legal recourse if the identified vulnerabilities are exploited for unlawful gains or getting access to restricted customer or system information or impairing our systems.
We do not have a bounty/cash reward program for such disclosures, but we express our gratitude for your contribution in different ways. For genuine ethical disclosures, we would be glad to publicly acknowledge your contribution in this section on our website. Of course, this will be done if you want a public acknowledgement.
Arif Khan (www.andmp.com)
Tushar Kadam (https://www.facebook.com/tushar.kadam.562)
Deepanshu Tyagi (https://www.facebook.com/dtyagi53)
Sumit Sahoo (http://www.sumitsahoo.com)
Vineet Kumar (https://bughunter.withgoogle.com/profile/80ae25f5-877d-4402-94e8-7902cacdb4b9)
Shivam Kamboj (https://twitter.com/sechunt3r)
Avinash Jain (https://twitter.com/logicbomb_1)
Irfan Sayyed (https://www.instagram.com/irfansayyed19/)
Vishal Saxena (https://in.linkedin.com/in/vishal-saxena-65377762)
Kartik Singh (https://www.facebook.com/kartik.singh0816)
Jeevan Singh (https://facebook.com/Mr.M4fi4)
Vipin Chaudhary (https://www.linkedin.com/in/vipin-chaudhary)
Abhilash C D (https://www.linkedin.com/in/abhilash-c-d-ba490920)
Nessim Jerbi & Nouri (https://www.instagram.com/nessimjerbi/)
Arush Nagpal (https://www.linkedin.com/in/arushngpl16)
Tanishq Monga (https://www.linkedin.com/in/tanishqmonga)
Sheetal Tripathi (https://www.facebook.com/lovey.tripathi.92)
Sukhmeet Singh (http://www.madguyyy.com)
Rafael Pablos (http://silverneox.blogspot.com)
Tanoy Bose (https://twitter.com/TanoyBose)
Nitin Goplani & Jatinder Pal Singh (http://in.linkedin.com/in/nitingoplani)
Vaibhav Deshmukh (https://twitter.com/CybrXpert)
Kamil Sevi (https://twitter.com/kamilsevi)
Parth Malhotra (https://facebook.com/parthmalhotra3223)
Sujit Ugale (https://www.facebook.com/ugalesujit)
Shahmeer Amir (https://www.facebook.com/Shahmeer.1994)
Anand Prakash (https://www.twitter.com/sehacure)
Mohan Anjanikur Yelnadu
Shyam Achuthan (http://www.shyamachuthan.com)
Sandeep Shetty (http://sandeep.io/)