Whitehats

Players

If you would like to report an incident about lost chips, game currency, virtual goods, account access problems or any other in-game issues, please contact Zynga Customer Support.

Researchers

Zynga is dedicated to providing a safe gaming environment for our players. If you are a security researcher and believe you've found a security vulnerability that could harm Zynga or our players, please let us know by e-mailing the details of your findings to whitehat@zynga.com.

If you submit your report, give us a reasonable time to respond before making any information public, and conduct your research in a reasonable manner [that avoids privacy violations, destruction of data, or interruption or degradation of our services] we will not bring a lawsuit against you or ask law enforcement to investigate you.

Rules for Zynga's Whitehat Hall of Fame

The Zynga Whitehat Team receives reports from security researchers across the globe. While we are grateful for their time and effort, sometimes the reports do not include actionable information. To ensure that the Whitehat program continues to bring value to Zynga, and deserving researchers get credited on Zynga's Whitehats Hall of Fame, researchers and their reports must meet the following criteria for the researcher to be eligible to be listed in the Hall of Fame:

  • Your research must be conducted in a reasonable manner
  • You must not violate another user's privacy in conducting your research
  • You must not attempt to access another user's account or data
  • You must not attempt to destroy Zynga's or another user's data
  • You must not report "cut and paste" results from automated scanners
  • You must not perform any attacks that can potentially impact the reliability of Zynga's services, including but not limited to, DoS and DDoS
  • The reported vulnerability must not have been publicly disclosed or reported to us previously
  • The report must not be of a security flag for non-sensitive cookies
  • Brute force attacks will not qualify you for the Hall of Fame
  • You must provide Zynga's Whitehat Team with any additional information regarding the vulnerability that they reasonably request
  • The reported vulnerability must not be one that Zynga determines to be an acceptable risk
  • You must provide all of the information requested in the report format below

Please note that Zynga has sole discretion with regard to whether or not to recognize a researcher in our Hall of Fame. Zynga's decision will be final in this regard. Further, Zynga reserves the right to terminate or discontinue the Whitehat Program at its discretion.

If there are any questions, please email us at: whitehat@zynga.com

Report Format

Target: Please provide the attack target here (target URL, section of the feature or game that is affected)
Description: Please be as detailed as possible
Steps to reproduce: Please try to provide written steps if possible rather than just a set of screen shots

2015 Whitehats

2014 Whitehats

2013 Whitehats

2012 Whitehats