Responsible disclosure policy

Better security through cooperation

We value the trust our customers place in us. That's why the security of our website is important to us.

If you find a vulnerability in one of our services, please bring it to our attention by sending us your findings* via the Bug Bounty form. We appreciate it!

Report a vulnerability

We will review the finding you submit, and if it is valid and has not been previously reported to us, we may invite you to participate in our Vulnerability Rewards program, which may lead to a cash reward**.

You can read the terms and details of our Responsible disclosure guidelines below. Together we can ensure the security of IKEA.fi.

Testing conditions

Under the terms of our Responsible disclosure policy, you are strictly prohibited from doing any of the following:

access, download or modify (or attempt to access, download or modify) information from an account that does not belong to you;
perform or attempt to perform any form of denial of service attack;
publish, transmit, transfer, link to, post or store any malicious software;
conduct any testing that could lead to the sending of unsolicited or unauthorised advertising, spam or other unsolicited communications;
perform any testing that could damage the operation of IKEA systems; and
testing third-party applications, websites or services that are integrated or connected to the IKEA Systems.

*IKEA will not take legal action against individuals who find and report security vulnerabilities under the terms of our responsible security testing guidelines.

**Financial compensation will only be provided through our Bug Bounty program. Claims for compensation (monetary or otherwise) related to an identified or alleged vulnerability will be considered in violation of our Responsible disclosure policy.