Responsible disclosure policy

Responsible Disclosure Policy

Your trust in IKEA matters to us. That’s why we place utmost priority on security on our website.

Please let us know if you find a vulnerability in one of our services. Use our Responsible-Disclosure-Programm for the purpose. IKEA pledges not to take legal action against anyone who discovers and reports security vulnerabilities using our Responsible Disclosure Programme.

We will review your report and reward you with a finder’s bounty for your efforts if we find a vulnerability that has not already been reported and you meet all the requirements.

Your finder’s bounty will be provided exclusively from within our Responsible Disclosure Programme. Any other requests for compensation, monetary or otherwise, arising from vulnerabilities identified or suspected are contrary to our Responsible Disclosure Programme.

Details and conditions for participation are available here: Responsible-Disclosure-Programm. Together we can keep IKEA.at secure.

Safe and secure together

At IKEA, we value the trust and confidence our customers place in us. That's why the security of our website is so important.

If you've discovered a vulnerability in one of our services we'd appreciate you letting us know about it by submitting your findings* via a Responsible Disclosure report available on our Bugs website.

We'll take a look at your submission and, if it's valid and hasn't yet been reported, we may pay a bounty** for your efforts.

Please visit our Bugs website for further information and terms of our Responsible Disclosure Policy. Together, we can keep IKEA.com secure.

* IKEA won't take legal action against those who discover and report security vulnerabilities in accordance with this Responsible Disclosure Policy.

** Responsible Disclosure reports may result in monetary compensation depending on both scope and potential business impact of the finding. Please note that it is only for the solutions in scope that IKEA will pay a bounty.