MIXR Labs offers a wide range of services that are used by millions of people around the world. Focusing on AR and location detection, MIXR Labs stores valuable data that we want to protect from malicious threats. Security reports help us ensure the security of our data and players.
Thank you for your help!
We appreciate the work of security researchers and would like to invite everyone who is willing to take the time to help MIXR Labs to improve security to share their opinion with us. MIXR Labs is committed to interacting with the community and is grateful for your contribution!
If you would like to report a security issue that you have discovered, be sure to read our terms and conditions and comply with them before submitting reports to us.
- Disclosure of information such as application and version banners, stack traces, server errors, internal IP addresses, or path disclosure;
- Brute force attacks using a username/password, account blocking, listing a username/email address (attacks that go beyond blind testing may be considered);
- Any physical attacks on MIXR Labs Facilities or Property or employees;
- Any social engineering attacks (e.g. phishing, email spoofing or self-XSS);
- Open redirects;
- Problems with TLS/SSL;
- Any exhaustion и disruptive атаки, such as (Distributed) denial of service, spam requests, slow-loris, etc.;
- CSRF Issues Affecting Account Integrity;
- Cookie security (e.g. secure flag);
- Outdated or known vulnerable software (problems of high severity can still be considered depending on the possible impact);
- Fraud incidents or problems related to in-game exploits.
We will make every reasonable effort to investigate and resolve the reported problem within 90 days. However, in some cases MIXR Labs may need more time, but we will contact you. Do not share information about the report until MIXR Labs informs you that the problem has been solved, so that attackers cannot use your information and do not harm the ecosystem of Services and other users of these Services.
Do not change any data that you have accessed as a result of your investigation, so as not to harm the ecosystem of Services and other users of these Services.
Avoid privacy violations and disruptions, including (but not limited to) affecting the quality of service through (D)DoS, data deletion, or access to personal accounts (for example, through phishing). You remain personally responsible for any privacy violations, failures, or any violations of applicable laws or regulations that you commit, even if you participate in the search for security vulnerabilities. Don't try to exploit the vulnerability (for example, don't try to access a machine or perform a pivot/scan of an already compromised one to demonstrate additional risk).
Don't try to exploit the vulnerability (for example, don't try to access a machine or perform a pivot/scan of an already compromised one to demonstrate additional risk).
Do not violate any other applicable laws or regulations.
You acknowledge that any report or information you provide to MIXR Labs constitutes a "Review" as defined in our user agreement of the Terms of Service, and you agree to the said user agreement of the Terms of Service.
You acknowledge that providing us with a report or any feedback does not entitle you to any remuneration, compensation or remuneration of any kind.