Security Researchers


eBay Customers | Security Researchers

eBay Customers

The form on this page is sent to a team that supports professional security researchers. The Security Research team does not have access to customer information or the ability to resolve customer issues. If you are not a professional security researcher, please use the following contacts to avoid delay with resolving your issue:

Professional Security Researchers

Our team of dedicated security professionals works vigilantly to keep customer information secure. We recognize the important role that security researchers and our community play in keeping eBay and our customers secure. If you discover a site or product vulnerability, please notify us using the guidelines below.

To encourage responsible disclosure, we commit that - if we conclude that a disclosure respects and meets all the guidelines outlined below - we will not bring a private action or refer a matter for public inquiry.

Guidelines for responsible disclosure

  • Share the security issue with us before making it public on message boards, mailing lists, and other forums.
  • We request that you wait until notified that the vulnerability has been resolved before disclosing it to others.  We take the security of our customers very seriously, however some vulnerabilities take longer than others to resolve. There are several teams involved in working on these vulnerabilities depending on which site has the vulnerability and what function is being exploited.
  • Provide full details of the security issue, including Proof-of-Concept URL and the details of the system where the tests were conducted.

Do not engage in security research that involves:

  • Potential or actual damage to eBay users or systems or applications.
  • Use of an exploit
    • to view data without authorization
    • that involves the corruption of data.
  • Requests of compensation for the reporting of security issues either to eBay, or through any external marketplace for vulnerabilities, whether black-market or otherwise.

Information to gather prior to completing the reporting form:
Before submitting your report, please refer to the information we need to process a ticket. Tickets without complete information slow down our ability to repair the vulnerability and might not be processed until we receive the requested information.
  1. Proof-of-Concept URL and the information of affected parameter
  2. Detailed steps of reproducing the vulnerability
  3. URL to screenshots to show Proof-of-Concept
  4. Details of the system where the tests were conducted
Please note: Researchers who are the first to report a vulnerability with complete information will be the researcher acknowledged on our acknowledgment page once the vulnerability is repaired. If there are additional team members involved in researching the vulnerability you are reporting, please provide their name(s)and what their contribution was to the findings when submitting this report.

Enter your email address:

Enter your name:

Please provide details of the security bug

characters left. No HTML, JavaScript.


We thank all for their contributions, but from time to time, we will want to publically acknowledge and thank members of our researcher community on our Responsible Disclosure Acknowledgement Page (and elsewhere) for their contributions. We will contact you once the vulnerability you've reported has been resolved to ask you whether you would like your name to be displayed on this page.