If you've found a security vulnerability on the Udemy site, please report it through HackerOne. Our security team will investigate all legitimate reports and will do their best to fix issues as quickly as possible.
Our bounty program is designed to reward those who help us maintain a safe Udemy site for all of our users. Udemy will pay a bounty for legitimate, previously unknown reports. All payments will be sent directly through HackerOne.
In order to receive the bounty reports must:
- Be an original, previously unreported bug. Known vulnerabilities will not qualify for a reward.
- Be a vulnerability that allows a user to break into the system, allows a user to violate someone else's accounts, or allows a user to compromise user data
- Be resolved by our engineers before the reward is provided.
Please note that Udemy reserves the right to withhold bounty payments if we believe the reporter has taken actions to endanger the security of Udemy’s customers.
If you are interested in participating in this program, please provide detailed steps to reproduce this vulnerability though hackerone.com/udemy.