Vulnerability Reward Program
Payment Processing Demos
Company Contact

Corporate Address:
2353 W. University Dr.
Tempe, AZ 85281-7223
480.449.7751

CCBill EU, ltd. Business Address:
First Floor,
CC Buildings
Palm Street
Paola PLA 1411, Malta

CCBill EU, ltd. Mailing Address:
2353 W. University Dr.
Tempe, AZ 85281-7223
USA

Vulnerability Reward Program

Important Update about the
CCBill Vulnerability Reward Program!

Our VRP program has been temporarily placed on hold. We are currently working to correct all of the reported bugs and are hoping to restore the program as soon as possible. We appreciate your patience and if you have any further questions or concerns feel free to contact the CCBill Information Security Team at bugrewards@ccbill.com.

To view a list of disclosed vulnerabilities and reward recipients please visit our rewards page.

CCBill maintains a vigilant and thorough approach to the security of all of its systems. Any and all identified vulnerabilities are investigated, tracked, and reported to help continue the same efficient and effective performance we have delivered since 1998.

To enhance our own extremely security stringent efforts, we have a vulnerability reward program that enables security professionals from around the world to be recognized and compensated for potential issues and vulnerabilities they responsibly disclose.

Responsible disclosure dictates that vulnerabilities should not be shared with third parties until CCBill has had a reasonable amount of time to implement a fix. We place a high priority on all vulnerabilities to ensure they are corrected in the shortest amount of time possible.

Participation and Eligibility

The following CCBill production websites are eligible under this vulnerability reward program:
  • Bill.ccbill.com
  • Support.ccbill.com
  • Admin.ccbill.com
  • Refer.ccbill.com

Additionally, eligible security issues may include, but are not limited to; cross-site scripting, cross-site script inclusion, access control manipulation or circumvention, cross-site request forgery, SQL injections, and more.

Social engineering, physical intrusions, denial of service attacks, URL redirections, and attacks against CCBill websites are outside the scope of this program and ineligible for any vulnerability reward. Disclosure of vulnerabilities to third parties before you receive confirmation will disqualify you from this program.