HYPR Vulnerability Disclosure

To review previous announcements, please see HYPR Security Advisories.

Our Mission

We have one mission and that is to create a passwordless world. For us, security isn’t just about keeping the bad guys out. It’s about protecting people in everything they do, wherever they are.

HYPR founders realized passwords will continue to be the hackers’ favorite target unless something is done about it. They saw it as an opportunity to approach security in a brand new way. What if our everyday smartphone can be used to change the security and user experience landscape? That became the launching pad for HYPR.

Our global team comes from software, information security, and digital identity backgrounds to deliver security that’s meant for everyone. United by the common mission to create a passwordless world, we maintain a work ethic that prioritizes our customers’ success and growth.

HYPR looks forward to working with the security community to find vulnerabilities in order to keep our businesses and customers safe.

Rules of Engagement

HYPR asks researchers to willingly #hackthis. Nothing is off limits and, for the benefit of all customers, we encourage every possible attempt to circumvent security.

At the same time, should your efforts lead to a discovered vulnerability, we kindly ask that you limit your access and exposure to customer data to only the information needed to report the finding to HYPR and to indicate the severity of the issue.

If you are keen to exploit identified vulnerabilities in a manner that risks the confidentiality, integrity, and/or availability of any resources not explicitly owned by you during testing, please reach out with your request and an environment can be cloned to mimic production use.

  • HYPR does not support security response reports which focus on phishing, spam, social engineering, or other fraudulent social schemes that target customers or HYPR employees to gain access.
  • HYPR does not encourage security testing of local and physical premises. Do not attempt to socially engineer employee office access and similar constructs.
  • HYPR is interested in denial of service (DoS) or distributed denial of service (DDoS) attacks against HYPR resources to prove stability. At the same time, HYPR requests that you reach out, and we may clone an environment for you to test against. Please also describe your experience and your well-intentioned interest in this.

If you are not sure whether your testing approach is covered, or have any other questions, please reach out to security@hypr.com to coordinate and collaborate with us.

HYPR deeply appreciates the work of security researchers and may reach out to researchers to engage in planned media or blog posts. Upon mutual agreement, both parties can disclose details of vulnerability findings. Please refer to the Privacy Policy for more information on how we handle your personal information. HYPR also respects your rights under GDPR (EU), if applicable, and under the laws of other local jurisdictions, such as CCPA (California).

Scope

Please refer to https://hackerone.com/hypr-corp for the latest scope information.