Join us开始体验
中文 EN
Join us开始体验

Vulnerability Disclosure Program

in1bank are committed to ensuring the security of our information, systems and services.

If you have discovered a security issue that you believe may affect the confidentiality, integrity or availability of our information, systems, or services, please submit a report to our security team using the process outlined below.

We treat all information regarding vulnerabilities as confidential and request that you do not publicly disclose, discuss or confirm the details of any suspected security issues.





In scope

  • in1bank mobile banking app (iOS)
  • in1bank mobile banking app (Android)
  • 举报范围

  • 合壹银行手机银行应用(苹果)
  • 合壹银行手机银行应用(安卓)
  • 合壹银行网站:
  • Out of scope

    The following activities are strictly prohibited

  • Any use of automated scanning tools
  • Any attempt to modify or destroy information
  • Any physical attempts against in1bank property
  • Any attempts of a Denial of service (DoS)
  • Accessing or attempting to access accounts or information you are not authorised to
  • Sending or attempting to send unsolicited or unauthorised email or other type of message
  • Conducting social engineering (including phishing) of in1bank employees, contractors, customers or any other related party
  • Posting, transmitting, uploading, linking to, sending or storing malware that could impact our services, products or customers
  • Exfiltration, disclosure or use of any proprietary or confidential information or data of in1bank (including customer data) under any circumstances
  • Any attacks using stolen or breached credentials
  • Any activity or attempt to gain unauthorised access to in1bank software or systems in violation of law.
  • 范围之外


  • 任何自动扫描工具的使用。
  • 任何修改或销毁信息的企图。
  • 任何对银行财产的实体攻击。
  • 任何阻断服务攻击(DoS)的企图。
  • 访问或试图访问任何未获授权的帐户或信息。
  • 发送或试图发送任何未经请求或未经授权的电子邮件或其他类型的消息。
  • 对合壹银行员工、承包商、客户或任何其他关联方进行社会工程攻击(包括网络钓鱼攻击)。
  • 发布、传输、上传、链接、发送或存储任何可能影响合壹银行服务、产品或客户的恶意软件。
  • 在任何情况下窃取、披露或使用合壹银行的任何专有或机密信息或数据(包括客户数据)。
  • 任何使用被盗或泄露凭证的攻击。
  • 任何违反法律以获得未经授权访问合壹银行的软件或系统的活动或企图。
  • How to report a vulnerability

    You can report suspected vulnerabilities to the in1bank Security Team by emailing
    If you feel the email should be encrypted, our PGP key can be found below.

    Download PGP key

    To assist us in investigating your report, please include
  • Affected product or service, including affected URL(s)
  • Your name and contact information (if you do not wish to provide your personal information, you may contact us anonymously)
  • Date and time when the suspected vulnerability was discovered
  • IP address used when suspected vulnerability was discovered
  • Steps to reproduce the vulnerability
  • Once we received your disclosure report, you will receive confirmation from us within 24 hours.

    We will use the disclosure information you provide to enhance the security of our systems.
    We may also use the information in notifications to regulatory bodies, to comply with laws, and assist government or law enforcement agencies.


    您可以通过电子邮件 以向合壹银行安全团队举报任何嫌疑的安全漏洞。

    Download PGP key

  • 受影响的产品或服务,包括受影响的URL
  • 您的姓名和联系方式(如果您不希望提供您的个人信息,您可以匿名与我们联系)
  • 发现可疑漏洞的日期和时间
  • 发现可疑漏洞时使用的IP地址
  • 重现漏洞的步骤
  • 一旦我们收到您的举报报告,您将在24小时内收到我们的确认。