Responsible disclosure

BigMarkt welcomes good-faith vulnerability reports that stay within this policy.

Report a vulnerability

Email security@bigmarkt.co with the affected URL, steps to reproduce, expected and actual behavior, impact, and any minimal proof-of-concept details.

In scope

  • https://www.bigmarkt.co
  • https://journal.bigmarkt.co
  • https://club.bigmarkt.co
  • https://fts.bigmarkt.co

Out of scope

  • Denial-of-service, stress, or resource exhaustion testing
  • Spam, phishing, social engineering, or physical attacks
  • Accessing, modifying, deleting, or exporting data that is not yours
  • Automated high-volume scanning
  • Attacks against third-party providers

Safe harbor

We will not pursue legal action for good-faith research that stays in scope, avoids privacy harm, avoids service disruption, and gives us reasonable time to remediate before public disclosure.

Priority areas

  • Authentication or authorization bypasses
  • Public profile, leaderboard, or trade privacy failures
  • Signed URL privacy failures
  • Broker or exchange ingestion integrity issues
  • Webhook signature validation issues
  • Admin privilege escalation
  • Payment, subscription, or token settlement logic flaws