The Lazada Group takes security very seriously and makes every effort to fix vulnerabilities promptly. To report security vulnerabilities, please proceed to Lazada Bug Bounty Program website https://security.alibaba.com/en/. You can find the details of the Bug Bounty on the website.
We investigate every reported security bug thoroughly and promptly. If you are a customer and your matter is related to unknown or suspicious orders, transactions, account or password, changes, please use our contact us at email@example.com for a faster reply
The information you share with Lazada as part of this process is kept confidential within Lazada Group. However, we may share it with external sources on a strictly need-to-know basis. Any information that is personally identifiable to you will be processed in accordance with data protection laws.
Lazada will review your vulnerability report and assign it a tracking number.
In an effort to protect our customers, Lazada respectfully asks you to refrain from posting, sharing or otherwise disseminating (in any form or manner) any information about a possible security issue in any public medium until we have investigated, responded to, addressed the reported issue and informed customers if needed. Please be informed that the posting, sharing or dissemination (in any form or manner) of any information about a possible security issue in any public medium without our consent and / or prior to our resolution of such possible security issue may be illegal and constitute unauthorized disclosure of our information which would attract civil and / or criminal liability. We also request that you not disclose any data belonging to our customers. Please note that addressing a valid security vulnerability will take time, depending on its severity and the affected systems.
You may want to encrypt your email using Lazada Security's PGP public key: