Details

As the security threat landscape evolves, effective security requires continual engagement and innovation. Sea’s security professionals are committed to continual improvement and strategic collaboration with other security experts in the security community to meet these challenges head on. As part of this commitment, we acknowledge the invaluable role that security researchers play in protecting our customers and the broader online ecosystem. There are 3 core business units in Sea, namely:

Garena, our online games developer and publisher arms operating in more than 130 markets
Shopee, a leading e-commerce platform in Southeast Asia and Taiwan
Monee, a leading digital payments and financial services provider in Southeast Asia

Currently, the Sea bug bounty programme on HackerOne is private and can be accessed on an invite-only basis. If you believe you've found a vulnerability in any of our sites or apps, please report it to us by clicking on the “Contact Security Team” button at the top of this page. Before filling in the form, please ensure that you have an HackerOne account with the minimum bounty expectation set to $50. If you do not have one, you can create a new account here. We will work to investigate your report and get back to you in a timely manner.

Alternatively, you can also contact the Sea Security Response Center (SSRC) directly via [email protected], and we will respond promptly to help you with the submission process. Similarly, kindly provide us with your HackerOne username and set the minimum bounty expectation to $50 when contacting us.

When investigating any services that involve customer data, please respect the privacy of other users. We ask that you confine any testing to yourself during the bug investigation process, and not disclose any findings to others. For more information, please refer to the private programme’s policy page.

Thank you for helping to keep Sea’s businesses and our users safe.