Skip to main content

Security

Reporting Security Issues

We want to keep Rocket Internet and ventures safe for everyone. If you’ve discovered a security vulnerability in our systems or in one of our ventures, we appreciate your help in disclosing it to us in a responsible manner.

Publicly disclosing a vulnerability can put everyone at risk. If you’ve discovered a security issue, we appreciate responsible disclosure of the details to our team. Please inform us following the procedure described below. We’ll work with you to make sure that we understand the scope of the issue, and that we fully address your concerns. We consider vulnerability disclosures our highest priority and we will try to address any issue as quickly as possible.

Infrastructure

Scope

We are primarily responsible for the following scopes:

  • *.rocket-internet.com
  • *.rocket-internet.de
We also act as facilitators in disclosing issues to our ventures (check the list).
In case of difficulties in reporting security problems to one of our companies, we will be happy to help ensuring that issues are reported to the relevant entities and resolved in a timely manner.

Social engineering, phishing, DDoS, spam or physical attacks are not allowed. When in doubt, act responsibly and get in touch with us for any questions.

Disclosure

If you believe you've found a security vulnerability in one of our platforms please send it to us by emailing [email protected].
We encourage the usage of GPG-encrypted mails, as detailed below. Please include the following details with your report:

  • Description of the location and potential impact of the vulnerability
  • A detailed description of the steps required to reproduce the security issue (PoC scripts, screenshots, session recordings)
  • Your name/handle for recognition in our Hall of Fame.

Delivery

Secure Communications

If you want to disclose a particularly sensitive security issue, we recommend you to encrypt any communications to us.
Our GPG key is listed here below and available on public keyservers.

pub   rsa4096 2018-01-19 [SC] [expires: 2019-01-19]
      B95FDE0E49D8EA9D8EFE00F7AA23E4D091004557
uid           [ultimate] Rocket Internet SE - Security Contact <[email protected]>
sub   rsa4096 2018-01-19 [E] [expires: 2019-01-19]

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBFph1YEBEADBtisSs1cq2wGq5bs7GD5rwNHFPNGvifx4FmNED8jPrkHCwiRl
pEJspjLel7/lZ86Au5HbI2kKO1JnueMmTWq9l4++YOsMMUmC3+kfZQVmpxSIKF2c
bW0oiaH7VhDBksTc9LAj0c4z5LgbQxqh4NnHvWxCmbI5pbqiGgsdMns0zHowwylp
WLjcAIXVrJ+o9ZIfv0sSggxFBgPpScJbKk/MSFfh11oidp/eBgmNODRJYp9J3V7X
C54jqHR1292F0WE5uO0LedzBbKpOGT6nuywdbwsqXms006jT5GqWp0blE1Wmqt6K
Yo9URqCGNhd5KatIy7eFFBsJnt9cr80xPUS41lTxqbo3iZasDhOFW8rIa6K141se
cHb4zvV6mNWGcl5Gg2d4CHsXAZD6abNzsRCPPuHwO6b++A2suU9TLXcYBD5GC/9T
GWZcDhHaEkm8ti8DIiLLzGhl86P9lCt6BN+yZeOPP6zD5Oiwm+oMU/y+j6P0mwyr
WvfscdC6rQ0KXnp2t/cb4g97vRBKhNjrx2AL/Mb7v5D+P/sViSQ3T2DiDaIUa0fH
dNs+D/0GiAtjRvG0NYTsxedfqZH7h8036Ea0zq5U4s8LGJ5tqDq9tkslfGXwXZrc
WpC2r4GWo30+90q0AvBg0a5T8C1eG24W//XjYj36bjYIZzobFna/9nlJGQARAQAB
tERSb2NrZXQgSW50ZXJuZXQgU0UgLSBTZWN1cml0eSBDb250YWN0IDxzZWN1cml0
eUByb2NrZXQtaW50ZXJuZXQuY29tPokCVAQTAQgAPhYhBLlf3g5J2Oqdjv4A96oj
5NCRAEVXBQJaYdWBAhsDBQkB4TOABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJ
EKoj5NCRAEVXqo8QAJRkhvkKGYFXdNThxgDpbSdheCpUh2i++tAXCE/fnyposp2l
ey2EQq8A7E8XsOMtK+mKdpOOICGmS6waeXGEbL+G1N2swwaqCEnlSy5BtdlcduBz
RWN8ey95O5SE1tAi6O5lCeKwCWFu048e1oL+5fkexnpbsz8wln8c/GfuRNxBDxsH
F8pUyJjfjulRtJi15YSOUJzM0isiTqWVSZ5YCZDWSx48BRVOOXjsZ1MtaGHm5WKc
me15ELJS4wEbaBI05Yw1CXk1/gwZmzn1YmDaM429XhqRPmg2vGv//3ZlNTE9f2xX
8vBP5NkW3IUTQfX9zxfQCfSoM3beda1OCa1vUR7wfafwiep38/y9syhIXIApUxzD
iT896geNwS9TIXGEJ48gjHuEiVTf6sXy4VPwl/Rrui5XIABQ83Z6FV9ZDXofsBF3
9uiE2T+M9dU4DQjHQ151/M1jiXjzN/wV80RNYu1+TxcnX156ZOJPYC0B05ojoATM
x5bIthcGlmBvQGPWWitWaHSk4dFVUeLvACVzXhQlP6QcMrnzHyJUv/G+Z250YGBP
buasWeVWE710o+nucXqel4iXOAg+KXI1hATMP77fdiWOaMqE8sCxS7cpQPfvSCCW
ws9YMqaqttd1tvLGdEnZb88woq3BD8YsJlsdbIw01WTU7+n8PbKQ6+ytqG70uQIN
BFph1YEBEACz3ZoC3io6BK6tciQvGmN24awMcg/L//TMnSBK5k4QxZA1q9tEvi4G
zecCERZ05TmBnIzMAmNJuUSpbyykJUIwoDwycAbkHbIK64g5dwxNP6zCd6Z3WEzY
Z4Egfs2yI3c2BH+ILCTH3B8WnXlf/HsiZbaMcSN0MV5OVVEQdX4f87ejUFGHCK7Z
9DdfW69g0kvUcK4g2TaBd4Diwy/S78fOq+j9VZEKNQnbhSDXjxpx2vKtSwyZsPvo
de64kGjpdNp0TchO6jAzJScZEvbdSmh9+3I/6aLWcZGcXN1oZmZXp0MFKO/sr5gl
axYldAwqNtGCkEFaEz9pFh2qwyyt0wzsGAWR08ybtspirkZVlW0aYlpM7YxxjwN7
chPBuK++gI5bAeRtHtokyJ0MC1JaCQYNi4dGOMMLGDQhuzjt+cYmAU8CBc5YIRBS
aitmLxSsuC9Aq1yEruTP0L+5vCS+XW34AvrUxU2M4UXbxlaefZIyoVKgI4WAKXem
Kqx/1aZJiGEigGCK4b+dmqObptInCfHPgzaBBOX4aL/JhNsWH7qEJA8k1ALIZsHp
B0J4cmc/9XEP0MyNqCk9vwhunhTH+AJ0G4deLBCyvKXwFyZLsuZ4zjhy4+VY1+lR
s4WFpO/3Qk9hv5x1BcUB/RvbosS8EV9buNK5EVn9bKHx9VFjedr4VwARAQABiQI8
BBgBCAAmFiEEuV/eDknY6p2O/gD3qiPk0JEARVcFAlph1YECGwwFCQHhM4AACgkQ
qiPk0JEARVcw8g/+MdE8U8E2fRjN/G19zhiVFxiuyCHks6TKw91BZLd5JLIxI9TQ
VLa6SmT2KwMElvLsfYuV+6q4Au+qiYipuDOVeWaQOoZSrlcvMUNtEqtCsA/CMZed
/SkJIanIOjS2vaktjBgR36FQp901hVdYCGJeko/zPNsTiC9gcwp4NyP50eV3FP31
80lEeSqKCnbmHyawfkCE8BSIWk5xQ8fP+U5MZCHiy4JjtcgnuQp8mdQtLs6n6MY3
6SDLAWAJO+FuWVIk6Mdl+8PLb8/gK/ZaeZNQyGnFeTtjgOeeteYy5+J/zwwxp8CC
1vA1/SbiKJG3b0ICQZkFSVtcdFfyIW6hTW7LhRF9qz2UFAG7a8mHJTegR/xkf4+C
oqFd7udl8BNOrVANYTPboKtrKGD2m9s3iovqdzmr/lnAOHsyusqmSQp9txplXuy1
xfb+/UOSMND6PxlF4WQH32/DeAuNiF/U2+ImqwL7pL5BdZkHf0TSv2svJKHipahx
Sz3d+cgEuIu7uqcfUjIh4N897wdZAgkTw6mmb0zowYpcqXmZI0coLXpKtXrnFNh+
EBGsnUyWuMPe6roVLwuZif36RUywz9U+Q5XUrmNULpLPW4aQNsWrlhwZsKaoDt29
E75Uz1SW07wvyuaDl+fHwwqQtFIrt48IH1vkpAB85pNr0AiM4IW8Z1R4ZyU=
=hScb
-----END PGP PUBLIC KEY BLOCK-----

Contributors

We would like to thank the following people who helped improve our security:

2019

Aron Molnar von Offensity
@AronMolnar2 - https://www.linkedin.com/in/aron-molnar-37b466166/
@offensity - https://www.offensity.com

2018

Wen Bin Kong
@kongwenbin - https://linkedin.com/in/kongwenbin

2015

Ateeq Khan
@CyberCrimeNEWS