Data security and user privacy matter to us. While we take every possible measures to ensure our systems are well protected to safeguard your privacy, we still need your collaboration to make the Internet a better place. If you believe you have discovered a security vulnerability in our system that could adversely impact Grab’s platform or its customers, we appreciate your help in disclosing it to us in a responsible and timely manner.

Reporting an online security issue

If you suspect any online security issues or malicious cyberattacks that could compromise our online systems, you can send an email to our security team at security [at] after which you will receive an automated email from HackerOne with a link to submit your bug report. We will be using the HackerOne platform for reviewing your bug report and bounty will be awarded, if found eligible.

Examples of security issues and malicious cyberattacks:
● Any kind of denial of service (DoS) attack
● Automated scanning
● Unauthorised access to Grab’s platform using backdoors, trojans or malware
● Attempts to breach confidential data
● Attempts to attack Grab’s platform

Note: Legal actions will be taken against all attempts to compromise Grab’s platform and database.

When you contact us, please provide as much information as possible to help us with the investigation:
● A detailed description of the issue
● Steps to reproduce the issue

Our promise to you:

● Prompt acknowledgement of the report (within 2 business days)
● Transparency throughout the investigation process
● Utmost efforts to revolve the issues

As a token of appreciation, we will reward those who are the first ones to report an issue.

Responsible Disclosure Policy

At Grab, the security of our users and our platform are of utmost priority. If you believe you have discovered a potential vulnerability on our platform, apps or services, we would appreciate your help in fixing it fast by revealing your findings in accordance with this policy.
Going public with security vulnerabilities can elevate the level of risk, so we urge you to keep such matters private until they can be addressed.

Terms and Conditions for Public Bug Bounty Program