No technology is perfect, and MEE6 believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. If you believe you've found a security issue in our product or service, we encourage you to notify us. We welcome working with you to resolve the issue promptly.

Bounty rules

• Only test on accounts and Discord servers you directly own
• Testing should never affect other users or servers
• Don't perform any actions that could harm the reliability or integrity of our services and data (brute forcing, DoS, etc...)
• Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.
• Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party.
• No information about issues found should be publicly disclosed or shared until we've confirmed the completion of the resolution

Non-qualifying vulnerabilities and exclusions

• Denial of service
• Spamming
• Social engineering (including phishing) of MEE6 staff or contractors
• Any physical attempts against MEE6 property or data centers
• Vulnerabilities in APIs we integrate with (e.g Twitch or YouTube)
• Email SPF and DMARC records
• Open CORS headers
• Publicly accessible login panels
• Reports on the subdomain help.mee6.xyz