At OLX, we take security issues seriously. If you believe you’ve detected a vulnerability within our products we’d like to hear about it. Our team is continuously working in protecting the security of your account. We’ll investigate any reports and do our best to fix these issues as soon as possible.
If you found an issue that affects only your account, please fill the contact form of your country’s OLX site.
If you would like to report a vulnerability in one of our products listed in our vulnerability disclosure program (VDP) or their related mobile apps, you can submit it using our embeded Vulnerability Disclosure form with BugCrowd and we can track your submission.
To be enable us to verify the vulnerability, add details on how to reproduce, e.g. screen-shots, code or video. We kindly ask you to not disclose the vulnerability until you receive a notification from us that the issue has been solved. You will receive a non-automated response to your initial communication within 72 hours, confirming we received the vulnerability report and will send progress updates on frequent basis.
Please avoid from engaging in security research that involves:
- Denial of Service attacks.
- Physical attacks against offices and data centers.
- Compromise of a OLX users or employees account.
- Automated tools or scans, botnet, compromised site, end-clients or any other means of large automated exploitation or use of a tool that generates a significant volume of traffic.
We want to thank all security researchers for the contributions and for volunteering time to help us spotting potential issues. You can visit our Hall of Fame to see a list of all of them.