The Wattpad team works very hard to ensure that Wattpad is a secure environment where your account information is safe. However, if in the off chance you find a issue on Wattpad that could put the personal information and integrity of Wattpad and its users at risk, here's how you can report it to us.
What's considered a security issue
A security issue would be defined as a flaw in the technical (i.e. the coding of Wattpad) implementation or design of Wattpad, that would allow someone to affect the security of Wattpad users.
Some example issues would be vulnerabilities that allow for:
- Cross Site Scripting (XSS)
- Cross Site Request Forgery (CSRF)
- Remote Code Execution (RCE)
- Unauthorized Access to Private Information
- Performing Actions as Another User
- Performing Actions to Stories with an Unauthenticated Account
- Bypassing API limits
- Downloading of Wattpad stories outside of the official Wattpad apps
Where would a security issue be found
Please report security issues that can be exploited through the following methods of accessing Wattpad:
- Wattpad Android app
- Wattpad iOS app
- Wattpad desktop website
- Wattpad mobile website
Reporting a security issue
Reporting a security issue is done in the same way one would report a bug in Wattpad, save for some extra details that are required.
When reporting a security issue, include the following details:
- Your name
- Any organizations that you are associated with, along with your position (e.g. a penetration tester at a cyber security organization)
- How you came upon this security issue
- Detailed steps to reproduce the security issue
- Screenshots of the security issue occurring
To send a report, please send an email to firstname.lastname@example.org to initiate the reporting process.