Skip to main content

Security vulnerability reporting

Dashlane recognizes the importance of security researchers in helping keep our community safe. We encourage the responsible disclosure of security vulnerabilities directly to security@dashlane.com with the subject: "Security vulnerability report" or through our HackerOne bug bounty program.

Dashlane and HackerOne logos

Disclosure guidelines

  • Before reporting a security issue, please read our security FAQs.

  • Please provide thorough details regarding the vulnerability so that we can successfully recreate and address the issue.

  • Include proof of concept code, screenshots, or screencasts as needed.

  • Please be aware that depending on the severity of the vulnerability, we will need a reasonable amount of time to respond to and/or fix the reported issue.

  • Please make a good faith effort not to leak, manipulate, or destroy any user data. Please only test against accounts you own yourself or with the explicit permission of the account holder.

  • Please refrain from automated/scripted account creation.

  • If your report includes sensitive information, please use the following GPG key:

Copied to Clipboard

HackerOne bug bounty program reward eligibility

Dashlane may provide rewards to eligible reporters of qualifying vulnerabilities through our HackerOne bug bounty program. Reward amounts may vary depending on the severity of the vulnerability reported.

Dashlane reserves the right to decide if the minimum severity threshold is met and whether the vulnerability was previously recorded.

To qualify for a reward under this program, you should:

  • Be the first to report a specific vulnerability through our HackerOne bug bounty program.

  • Send a clear textual description of the report along with steps to reproduce the vulnerability. Include attachments such as screenshots or proof of concept code as necessary.

  • Disclose the vulnerability report directly and exclusively to us. Public disclosure or disclosure to third parties – including vulnerability brokers – before we address your report will result in forfeiting any potential reward.