The Wattpad team works very hard to ensure that Wattpad is a secure environment where your account information is safe. However, if in the off chance you find a issue on Wattpad that could put the personal information and integrity of Wattpad and its users at risk, here's how you can report it to us.
What's considered a security issue
A security issue would be defined as a flaw in the technical (i.e. the coding of Wattpad) implementation or design of Wattpad, that would allow someone to affect the security of Wattpad users.
Some example issues would be vulnerabilities that allow for:
- Cross Site Scripting (XSS)
- Cross Site Request Forgery (CSRF)
- Remote Code Execution (RCE)
- Unauthorized Access to Private Information
- Performing Actions as Another User
- Performing Actions to Stories with an Unauthenticated Account
- Bypassing API limits
- Downloading of Wattpad stories outside of the official Wattpad apps
Where would a security issue be found
Please report security issue that can be exploited through the following methods of accessing Wattpad:
- Wattpad Android app
- Wattpad iOS app
- Wattpad desktop website
- Wattpad mobile website
- Wattpad Blackberry app
- Wattpad Covers app for iOS
- Wattpad Covers app for Android
- Wattpad After Dark on iOS
- Wattpad on JavaME
Reporting a security issue
Reporting a security issue is done in the same way one would report a bug in Wattpad, save for some extra details that are required.
When reporting a security issue, include the following details:
- Your name
- Any organizations that you are associated with, along with your position (e.g. a penetration tester at a cyber security organization)
- How you came upon this security issue
- Detailed steps to reproduce the security issue
- Screenshots of the security issue occurring
To send a report to Wattpad Support visit https://support.wattpad.com/hc/en-us/requests/new and select 'Something's not working (Report a bug)' from the drop-down menu on the left. Complete the form and submit it. A member from Wattpad Support will follow up with you on your report.