Report a Vulnerability

At GoTo, we take security seriously and appreciate your help in keeping our systems and users safe. If you’ve discovered a vulnerability in any of our products or services, please report it to us immediately. 

What to Report 

We welcome reports on vulnerabilities related to: 

1. GoTo Products and Services  

• Web applications 

• Mobile applications 

• Car-related systems 

2. Email or Phishing Issues  

• Including potential abuse of our systems (e.g., sending mass emails to random addresses) 

How to Report 

Please send your report to: ciso-office@gotoglobal.com

Include the following information in your report: 

• Type of issue (e.g., cross-site scripting, SQL injection, remote code execution) 

• Affected product and version, or URL if dealing with a cloud service 

• Potential impact of the vulnerability (e.g., what data can be accessed or modified) 

• Step-by-step instructions to reproduce the issue 

• Any proof-of-concept or exploit code required to reproduce the vulnerability 

Our Commitment 

We are committed to addressing all reported vulnerabilities promptly. Our standard response times are: 

• Critical vulnerabilities: Within 24 hours 

• High-severity vulnerabilities: Within 48 hours 

• Medium and low-severity vulnerabilities: Within 5 business days 

What is a Vulnerability? 

A vulnerability is a weakness in a system that can be exploited to compromise the system’s security or functionality. This could include: 

• Software bugs that allow unauthorized access 

• Design flaws that expose sensitive information 

• Configuration errors that reduce system security 

If you’re unsure whether an issue qualifies as a vulnerability, we encourage you to report it anyway. Our security team will review all submissions and respond accordingly. 

Thank you for helping us maintain the security and integrity of our systems.