Security Hall of Fame
We're grateful to the security researchers who help keep Killswitch safe through responsible disclosure.
Thank You
Security is at the core of what we do. We deeply appreciate researchers who take the time to responsibly disclose vulnerabilities, helping us protect our users' data and privacy.
If you've found a security issue, please check out our Bug Bounty Program to learn how to report it.
Acknowledged Researchers
Sumit Bhadouriya
February 2026
Login endpoint brute-force protection bypass — identified non-enforcing rate limiting on authentication endpoint
Ravela Pramod Kumar
February 2026
Master key API endpoint hardening — credential exposure in query strings (CWE-598) and missing rate limiting
Cyber_Subhash
February 2026
Direct IP access exposure and PostgreSQL public port exposure — infrastructure hardening
Aqudas Gulzar
February 2026
Fixed critical 2FA authentication bypass — secured completion endpoint with signed, time-limited verification tokens
Manasi Deokate
February 2026
Session security hardening — logout token revocation, no-cache headers, session replay protection
Kunal Mhaske
February 2026
Session invalidation on password change, email enumeration protection
Khurram Shoaib
January 2026
Multiple authentication and session security improvements
Found a Security Issue?
We appreciate responsible disclosure and offer rewards for valid security findings.