No technology is perfect, and Rakuten believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. If you think you've found a security issue in our product or service, we encourage you to notify us. We welcome working with you to resolve the issue promptly.

Vulnerability Disclosure Program (VDP)

We started VDP in 2021, limiting the scope to a few domains. If you find a vulnerability in ".rakuten.com" and ".rakuten.co.jp", please report the following program. https://bugcrowd.com/engagements/rakuten-vdp-pro

VDP on other domain and Bug Bounty (On the Way)

Sorry, we are still working on the establishment. Meanwhile, please kindly accept our most significant appreciation for your effort. Thank you for helping keep Rakuten and our users safe!

Contact Info

Please feel free to send your inquiries to Rakuten-CERT rakuten-cert at mail.rakuten.com