Skip to main content

Responsible Disclosure Policy

Safe and secure together

At IKEA, we value the trust and confidence our customers place in us. That's why the security of our website is so important.
If you've discovered a vulnerability in one of our services, we appreciate you letting us know about it by submitting your findings* via our Responsible Disclosure report.
We'll take a look at your submission and, if it's valid and hasn't yet been reported, we could invite you to take part in a bug bounty program, which may result in monetary compensation** for your efforts.
You'll find the details and terms of our Responsible Disclosure Policy below. Together, we can keep secure.

Testing terms

In order to adhere to the terms in this Responsible Disclosure Policy, you're prohibited from:
• accessing, downloading or modifying (or attempting to access, download or modify) data from an account that does not belong to you;
• executing or attempting to execute any “Denial of Service” attack;
• posting, transmitting, uploading, linking to, sending or storing any malicious software;
• testing that would result in sending unsolicited or unauthorized junk mail, spam or other forms of unsolicited messages;
• performing testing that would corrupt the operation of any IKEA properties; or
• testing third-party applications, websites or services that integrate with or link to IKEA properties.
*IKEA won't take legal action against those who discover and report security vulnerabilities in accordance with this Responsible Disclosure Policy.
**Monetary compensation will only be awarded through our bug bounty program. Requests for compensation (monetary or other) in connection with identified or alleged vulnerability will be considered noncompliant with this Responsible Disclosure Policy.