Pocket Security Overview

To report issues that are not security-related, please contact us through our general support page.

Report a Security Incident

Greetings security researchers! If you believe you have discovered a security vulnerability in Pocket, please let us know as soon as possible. Security is a top priority for us, and we treat each incident very seriously. 

Please email reports to security@getpocket.com. We consider messages sent to this address to be our highest priority. In your report, please include the following information:

  • Summary of the vulnerability
  • Detailed steps to reproduce
  • Screenshot and/or video of the resulting error/proof of concept

When submitting multiple reports, please send them in separate emails.

Responsible Disclosure

We kindly ask that you give us a reasonable amount of time to respond to your report before publicly disclosing any details. Furthermore, we request that you take care to avoid any privacy violations, destruction of data, or service interruptions or degradations.

Compensation Requests

Pocket does not provide monetary compensation for any identified or possible vulnerability.

Thanks!

We want to extend a sincere thanks to the following researchers have generously taken the time to identify and responsibly report security incidents and keeping Pocket safe. Their work is truly appreciated.

2016

  • Shawar Khan

2015

  • Edgar Boda-Majer (@edgarboda)
  • Paulos Yibelo (@PaulosYibelo)
  • Rahul M (@rahulmfg)
  • Aamir khan (@ThatsAamir)
  • Ala Arfaoui (@Ala_Arfaoui_)
  • Mohammad Naveed
  • Arun Mishra (@arun_2512)
  • Ashutosh Kumar (@divashutosh)
  • Ashish Pathak (@pathakbackz)
  • Konduru Jashwanth (@kondurujashwan5)
  • Memon Faisal (@faiz_smrty)
  • Karthik Reddy Chinnaganta (@reddykarthik29)
  • SaifAllah benMassaoud
  • Ahmed Y. Elmogy (@mogyhacker)
  • Sumit Sahoo (54H00)
  • Danyal Zafar (@danyalzafar143), Yamankatita Cyber Security Team
  • Pradeep Kumar (@pradeepch99)
  • Indrajith.AN (@cyberXdestroyer)
  • Jay Patel (@jaypatel9717)
  • Sree Visakh Jain (@sree_visakh)
  • Russel Van Laurio (@van_laurio)
  • Pflash Punk (@PflashPunk)
  • @SebastienWains
  • Nehal Ghoratkar
  • Yatin Sirpaul (@ysirpaul)
  • Ramin Farajpour Cami (@MF4rr3ll)
  • Deepak Kumar Nath (@Th3D3crypt3r)
  • Vishwaraj Bhattrai (@vishwaraj101)
  • Ashesh Kumar (@ASHESH1708)
  • Rishi Mohandas (@Ind_Coder) and Jomal John (@Jomaljohn)
  • Dipak Kumar Das (securite) (@deepakk95670266)
  • Badis Mansouri
  • Ronak Toshniwal (@ronakt)
  • Indrajeet Bhuyan (@indrajeet_b)
  • Bharat Sewani (@bharatsewani199)
  • Ameer Assadi (@AmeerAssadi)
  • Clint Ruoho (@ruoho)
  • Charfeddine Hamdi (@Tws_Charfeddine)
  • Ishwar Prasad Bhat (@Ishwar_CEH)
  • Callum C
  • Ajay Thomas (@ajaytmas)
  • Nadi Abdellah
  • Dinesh Vicky
  • Mehmet Nurcan
  • Gaurang Bhatnagar (@gaurang_1234)
  • Ketankumar B. Godhani (@KBGodhani)
  • Aaditya Purani (@aaditya_purani)
  • Othmane Tamagart (0thm4n_WhiteHat)

2014

  • Rafael Pablos
  • Ketan Sirigiri, Cigniti Technologies Ltd. (@cigniti)
  • Jerold Camacho (@korapsyon)
  • Rodolfo Godalle, Jr. (@rodgodalle)
  • Tarek Siddiki (@tareksiddiki)
  • Rakesh Singh & Harish Kuma (@zerodayguys)
  • Rakesh Karankote (@rakeshnagekar)
  • Binu Ramakrishnan (@securitysauce)
  • Hiroshi Tokumaru (@ockeghem)
  • Achanta Sathya Phani BapiRaju
  • Hardik Tailor (@iamhardiktailor)
  • Tony Trummer and Tushar Dalvi
  • Simone Memoli (@Simon90_Italy)
  • Danish Tariq
  • Madhu Akula (@madhuakula)
  • Nakul Mohan (@Anonymous_India)
  • Mohamed M. Fouad (@flash162011)
  • Mahipal Singh Rajpurohit (@rajgurumahi007) , Ajay Singh Negi
  • கார்த்திக்குமார் (Karthickumar) ராமநாதபுரம் (Ramanathapuram) (@karthickumar3)
  • Mehul Kareliya (@mehul_jk)
  • Mazin Ahmed (@mazen160)
  • Yamal Patel (@Yaamal_Patel)
  • Bhaskar Borman (@bhaskarborman)
  • Meris Bihorac
  • Sai Kiran (@smilez_hapiez)
  • Wang Jing (@tetraphibious)
  • Subramani Sundar
  • Osama Mahmood (@OsamaMahmood007)
  • Ch. Muhammad Osama (@ChMuhammadOsama)
  • Behroz Nathwani (@Hackforcause)
  • Abdullah Khawaja (@hax_3xploit)
  • Abdullah Hussam Gazi (@Abdulahhusam)
  • Shubham Gupta (@hackerspider1)
  • Jeevan Dahake (@jeevandahake)
  • HusseiN98D (@HusseiN98D)
  • Babar Khan Akhunzada (@Babar1337Khan)
  • Krishna Chaitanya Kadaba (@cigniti)
  • Aditya Agrawal (@exploitprotocol)
  • Amit Gandhi (@amyhacker0)
  • S.Venkatesh (@pranavvenkats)
  • Web Plus
  • Dushyant Sahu (@DushyantSahu15)
  • Osama Ansari (@AnsariOsama10)
  • Thalaivar Subu
  • Salman Khan Champion (@SalmanKhanChamp)
  • Roland Bustamante Jr (@Rolzbustamante)
  • Satheesh Raj (@rsatheesh523)
  • Grzegorz Aksamit (@grzaks)
  • Sangeetha Rajesh S (@rajesh_sangi12)
  • Kalpesh Makwana (@Makwanakalpesh2)
  • Rajat Sharma (@Rajat_Jaichand)
  • Abdul Haq Khokhar (@Abdulhaqkhokhar)
  • Abdul Rehman (@Abdul_R3hman)
  • Armaan Pathan (M4sT3r_sN!p3r_)
  • Mohamed Abdelbaset Elnoby (@SymbianSyMoh)
  • Robert Villalon (@robertd4k)
  • Amine Khelifi (@Amine_security)
  • Mohamed Khaled Fathy (@Sirmatrixpage)
  • HusseiN98D (@hussein98d)
  • Hamid Ashraf (@hamihax)
  • Hammad & Huzaifa (@TheHmadQureshi)

2013

  • Omer Kurt
  • Kamil Sevi (@kamilsevi)
  • Dawid “Infern0_” Bałut
  • Muhammad Waqar (@MuhammadWaqar_9)
  • Rakan Alotaibi (@hxteam)
  • Kwame Thomison (@this_is_kwame)
  • Rafay Baloch (@rafaybaloch)
  • Ehraz Ahmed (@securityexe) and Umaz Ahmed (@umrazahmed)
  • Siddhesh Gawde (@pen3t3r)
  • J Muhammed Gazzaly (@gazly)
  • Ali Hasan Ghauri (@alihasanghauri)
  • Harsha Vardhan Boppana (@hvboppana)
  • Maulik Shah (Anti Hacking Anticipation Society)
  • Jigar @ Infobit (@jigarthakkar39)
  • Anand Sundar Tiwari (@anandtiwarics)
  • Yuji Kosuga (@yujikosuga)
  • Mahadev Subedi (@blinkms)
  • Javid Hussain (@javidhussain21)
  • Jayvardhan Singh (@Silent_Screamr) and Nitesh Shilpkar (@NiteshShilpkar)
  • Shubham Raj (XceptionCode), OpenFire Security
  • Narendra Bhati (R00t Sh3ll) (@NarendraBhatiB) Web Security Geeks
  • Ankit Bharathan
  • Noman Ramzan (@nomanramzan91)
  • Tejash Patel (@tejash1991)
  • Devesh Bhatt (@deveshbhatt11)
  • Vinod Tiwari (@war_crack)
  • Sahil Saif (@bewithsahilsaif)
  • Nitish Mehta (CEO and Founder illuminative Works) (@i_m_nitish)
  • Ravindra Singh Rathore (@ravindra_hacks)
  • Ajay Singh Negi (@AjaySinghNegi) and Prashant Negi (@_prashantnegi)
  • Daksh Patel (@dakshxss)
  • Deepanker Chawla (@deepankerchawla)
  • Praveen Nair (c0d3 c0m4dr3 404) from Team KERALA CYBER SQUAD
  • Sherin Panikar (Kerala Cyber Squad-India)
  • Mukesh Dhama & Rishiraj Sharma
  • Yuji Tounai (@yousukezan)
  • Akhil Reni & Eshwar (@akhil_reni)
  • Muhammad Shahmeer (Maads Security) @Shahmeer_Amir
  • Dibyendu Sikdar (@dibsyhex)
  • Jose Pino (@Fr4phc0r3)
  • Yogesh Modi (@mistercracker_)
  • P.B.Surya.Subhash (@pbssubhash)
  • Osanda Malith Jayathissa (@OsandaMalith)
  • Gurjant Singh (@GurjantSadhra)
  • Mayank kapoor (@wHys0serious)
  • Martin Obiols (@olemoudi)
  • Shahee Mirza (@shaheemirza)
  • Abhinav Sejpal (@Abhinav_Sejpal)
  • Yasir Altaf Zargar & Asif Showkat Wani
  • Jay Turla of HP Fortify (@shipcod3)
  • Kyo Ago (@kyo_ago)

Still need help? Contact Pocket Support Contact Pocket Support