IT security
Security is a top priority at world4you
We take the security of the services and applications we offer very seriously. Therefore, we would like to give security specialists the opportunity to report potential vulnerabilities in our products.
What vulnerabilities can I report?
I have a suspicion that my access data has been stolen
Do you suspect that unauthorized individuals have gained access to your world4you login credentials?
In our step-by-step FAQ article, you will find immediate actions, tips for secure passwords, and how you can protect yourself.
In our step-by-step FAQ article, you will find immediate actions, tips for secure passwords, and how you can protect yourself.
I receive spam emails and unsolicited advertisements
To reduce unwanted promotional emails in your mailbox, world4you offers you various options with email filters.
We have described the setup of email filters, along with several examples, in our FAQ portal. In addition, you can report possible security vulnerabilities to us.
We have described the setup of email filters, along with several examples, in our FAQ portal. In addition, you can report possible security vulnerabilities to us.
I have received a supposed phishing email from world4you
Have you received an email from world4you and still doubt its authenticity?
In our comprehensive FAQ article, you will find information on how to recognize emails from world4you and how to deal with phishing emails.
In our comprehensive FAQ article, you will find information on how to recognize emails from world4you and how to deal with phishing emails.
I would like to report a technical vulnerability, such as an XSS or SQLi vulnerability
The security of our customer data is of great importance to us. We support the responsible disclosure process for vulnerabilities and values reports from ethical security researchers. We are committed to investigating all reports and resolving issues as quickly as possible to protect our customers. This document outlines how world4you collaborates with the security community.
Scope
The following vulnerabilities in world4you products and services are covered by this document. We encourage any member of the security community to report the following to us:
The following vulnerabilities in world4you products and services are not within the scope of this document. Please do not report these:
Bug Bounty Program
Currently, world4you does not have an official bug bounty program.
Reporting a Vulnerability
Please send all relevant vulnerabilities (as mentioned above) to our contact address (security@world4you.com). Please read this document in its entirety before reporting vulnerabilities.
If you have discovered vulnerabilities in any of our applications or server configurations, you can provide us with the information directly. Please describe the vulnerability you have found and provide as much information as possible in your report. For example:
What You Can Expect from Us
Upon receiving your report, our security team will:
Scope
The following vulnerabilities in world4you products and services are covered by this document. We encourage any member of the security community to report the following to us:
- Vulnerabilities that impact the confidentiality, integrity, and availability of our products and services, thereby compromising our customers' data.
The following vulnerabilities in world4you products and services are not within the scope of this document. Please do not report these:
- Denial-of-Service attacks (i.e., disrupting our services with high request volumes)
- TLS configuration specifications (e.g., lack of support for TLSv1.3, specific cipher suite configurations, etc.)
- Reports indicating that our services do not fully align with "Best Practices" (e.g., missing security headers or suboptimal email-related configurations such as SPF, DMARC, etc.)
Bug Bounty Program
Currently, world4you does not have an official bug bounty program.
Reporting a Vulnerability
Please send all relevant vulnerabilities (as mentioned above) to our contact address (security@world4you.com). Please read this document in its entirety before reporting vulnerabilities.
If you have discovered vulnerabilities in any of our applications or server configurations, you can provide us with the information directly. Please describe the vulnerability you have found and provide as much information as possible in your report. For example:
- Who does the vulnerability affect? If possible, please provide URLs.
- How can the vulnerability be exploited? Include screenshots if necessary to illustrate the vulnerability.
- Also, provide all relevant information necessary to reproduce the described process.
- Please do not send us confidential information such as your password or other personal data!
What You Can Expect from Us
Upon receiving your report, our security team will:
- Confirm the receipt of your report and assign a unique identifier included in the email subject line. Please use this identifier in all your emails to us. We usually respond within one business day.
- Review your report for accuracy and validity, and check if the report is a duplicate of a previous case. If we have further questions, we will reach out to you.
- After successfully verifying your report, it will be forwarded to the relevant department for resolution. Please note that this may take some time. Feel free to inquire about the current status, limiting your inquiries to no more than once every 14 days.
We will contact you once the vulnerability is fixed and may ask you to retest.
If we need to share your findings with another organization, we will contact you in advance. Furthermore, we will not pursue legal action against individuals who, in good faith and in accordance with this document, report security vulnerabilities in a world4you service within the scope.
Feedback
If you have feedback or suggestions regarding this document, please contact our security team at the provided address above.
I have another request
You can find information on hundreds of other topics in our FAQ.
Excited?
We would like to get to know you! Apply now – online, quickly & easily!