Security

Hive Responsible Disclosure

At Hive we take the security of our products and services seriously and value reports from the security research community. Responsible disclosure helps us protect our customers, data, and services.

Reporting a Security Vulnerability

If you believe you have identified a security vulnerability, please submit it via our responsible disclosure form, managed by Bugcrowd, our Vulnerability Disclosure Management partner. Provide as much detail as possible to support effective triage and investigation.

Please do not publicly disclose vulnerability details, put customer data at risk, compromise our intellectual property, or deliberately degrade our systems.

Our Response

Upon submission, you will receive an instant automated acknowledgement through the Bugcrowd portal. Updates will be provided throughout each step, including triage, investigation, and remediation. A member of the Centrica Security team may contact you via the portal if additional information is required. The process is both secure and transparent.

Prohibited Activities

The following activities are not permitted, as they may impact customers, services, or data:

  • Public disclosure of personal, proprietary or financial information
  • Modification or deletion of data not owned by you
  • Service disruption or degradation, including denial-of-service attacks and exploitation of any perceived vulnerabilities
  • Spamming, social engineering, or phishing
  • Physical attacks on infrastructure
  • Local network attacks, such as DNS poisoning or ARP spoofing

Out-of-Scope Submissions

The following are not considered valid vulnerability submissions:

  • Publicly accessible, non-sensitive files or directories (e.g. README.txt, robots.txt)
  • Service fingerprinting, banner grabbing, or version disclosure of common public services
  • Username or email enumeration through brute force or standard error messaging, except in exceptional cases