Report Security Issues

If you have discovered a security vulnerability on atoyontitan.shop, we encourage you to notify us immediately. We review all legitimate reports of vulnerabilities and work to address valid issues as quickly as possible.

Before submitting a report, please review this policy carefully, including our reporting principles, reward guidelines, and exclusions.

Fundamentals

If you follow the principles below when reporting a security issue to Atoyontitan, we will not initiate legal action or an enforcement investigation against you in response to your report.

We ask that you:

  • Give us reasonable time to investigate and fix the issue before disclosing it publicly or sharing it with others.
  • Do not access or modify private accounts or data without the consent of the account owner.
  • Make a good faith effort to avoid privacy violations, service disruption, destruction of data, or degradation of our services.
  • Do not exploit any security issue you discover for any reason, including to demonstrate additional risk or access sensitive data.
  • Do not violate any applicable laws or regulations.

Bounty Program

We value the efforts of security researchers who help us improve the safety and integrity of our services by reporting vulnerabilities responsibly.

Any monetary reward is offered entirely at Atoyontitan’s discretion and may depend on factors such as risk, impact, reproducibility, and the quality of the report.

To potentially qualify for a reward, you must:

  • Follow the reporting principles listed above.
  • Report a genuine security vulnerability that creates a security or privacy risk in our services or infrastructure.
  • Submit your report through our official security contact channel only. Please do not contact staff members directly.
  • Inform us immediately if, during your investigation, you inadvertently accessed personal data, service configurations, or other confidential information.

We review all valid reports. Due to the volume or complexity of reports, response times may vary depending on severity and investigation requirements.

We reserve the right to determine the validity, severity, and resolution priority of any report.

Rewards

Rewards, where offered, are based on the impact and severity of the reported issue. Reports must include clear, reproducible steps. If a report is not detailed enough for us to reproduce the issue, it may not qualify for a reward.

Please note:

  • Where duplicate reports are received, only the first reproducible submission may be rewarded.
  • Multiple vulnerabilities caused by one underlying issue may be treated as a single report.
  • Reward amounts, if any, are granted at our sole discretion.

Critical Severity Vulnerabilities — up to £200

Examples may include:

  • Remote Code Execution
  • Remote Shell or Command Execution
  • Vertical Authentication Bypass
  • SQL Injection resulting in sensitive targeted data exposure
  • Full account compromise
  • Financial theft or similar critical platform compromise

High Severity Vulnerabilities — up to £100

Examples may include:

  • Lateral authentication bypass
  • Disclosure of important internal company information
  • Stored XSS affecting another user
  • Local file inclusion
  • Insecure handling of authentication cookies

Medium Severity Vulnerabilities — up to £50

Examples may include:

  • Common logic design flaws
  • Insecure Direct Object References
  • Vulnerabilities affecting multiple users with limited user interaction required

Low Severity Vulnerabilities

Examples may include:

  • Open redirect
  • Reflected XSS
  • Low-sensitivity information disclosure

What Should Not Be Reported

The following are generally not considered eligible for rewards unless they clearly demonstrate a meaningful security impact:

  • Missing security headers without a demonstrated exploit
  • Version disclosure or banner disclosure
  • Issues requiring unrealistic user interaction
  • Reports based only on outdated software versions without proof of exploitability
  • Spam-related issues
  • Denial-of-service style testing or any testing that disrupts our services

Contact Us

If you would like to report a security issue, please contact us at:

Atoyontitan
Website: https://atoyontitan.shop
Email: contact@atoyontitan.shop
Telephone: +44 14 1579 0001