SECURITY POLICY
You confirm that you have read and agree to honor the terms
Last Modified: Jan 1, 2025
BATTLE PASS offers a wide range of services that are used by millions of people around the world. We stores valuable data that we want to protect from malicious threats. Security reports help us ensure the security of our data and players.
Thank you for your help!
Report a vulnerability
We appreciate the work of security researchers and would like to invite everyone who is willing to take the time to help BATTLE PASS to improve security to share their opinion with us. BATTLE PASS is committed to interacting with the community and is grateful for your contribution!
If you would like to report a security issue that you have discovered, be sure to read our terms and conditions and comply with them before submitting reports to us.
Domains
*.battlepass.io
Services and corresponding servers
BATTLE PASS
MUTINY
Types of vulnerabilities
Disclosure of information such as application and version banners, stack traces, server errors, internal IP addresses, or path disclosure;
Brute force attacks using a username/password, account blocking, listing a username/email address (attacks that go beyond blind testing may be considered);
Any physical attacks on BATTLE PASS Facilities or Property or employees;
Any social engineering attacks (e.g. phishing, email spoofing or self-XSS);
Open redirects;
Problems with TLS/SSL;
Any exhaustion и disruptive атаки, such as (Distributed) denial of service, spam requests, slow-loris, etc.;
Click-jacking;
CSRF Issues Affecting Account Integrity;
Cookie security (e.g. secure flag);
Outdated or known vulnerable software (problems of high severity can still be considered depending on the possible impact);
Fraud incidents or problems related to in-game exploits.
We will make every reasonable effort to investigate and resolve the reported problem within 90 days. However, in some cases BATTLE PASS may need more time, but we will contact you. Do not share information about the report until BATTLE PASS informs you that the problem has been solved, so that attackers cannot use your information and do not harm the ecosystem of Services and other users of these Services.
Do not change any data that you have accessed as a result of your investigation, so as not to harm the ecosystem of Services and other users of these Services.
Avoid privacy violations and disruptions, including (but not limited to) affecting the quality of service through (D)DoS, data deletion, or access to personal accounts (for example, through phishing). You remain personally responsible for any privacy violations, failures, or any violations of applicable laws or regulations that you commit, even if you participate in the search for security vulnerabilities. Don't try to exploit the vulnerability (for example, don't try to access a machine or perform a pivot/scan of an already compromised one to demonstrate additional risk).
Don't try to exploit the vulnerability (for example, don't try to access a machine or perform a pivot/scan of an already compromised one to demonstrate additional risk).
Do not violate any other applicable laws or regulations.
You acknowledge that providing us with a report or any feedback does not entitle you to any remuneration, compensation or remuneration of any kind.
You can report a problem by contacting us security@battlepass.io.
Important Note: Project is currently in beta and this document is not final. We reserve the right will be updated this document from time to time.
Please follow the news only in our official social media accounts.
Last updated