ID.me takes security very seriously. This includes investigating all reported vulnerabilities. If you have identified a flaw in our website, service, or product, please send an email to security@id.me and include the following:
- Name
- Date and Time that the vulnerability was identified
- Brief Description
Once the report has been submitted, ID.me will work to validate the identified issue. Regardless of the outcome, you will receive a reply that it has been noted and is being investigated. ID.me is committed to being responsive and will work with you as we progress through our internal processes.
In order to protect our customers, we request that you not post or share any information about a potential vulnerability in any public setting until we have researched, responded to, and addressed the reported vulnerability and informed customers if needed. Also, we respectfully ask that you do not post or share any data belonging to our customers. Addressing a valid reported vulnerability will take time. This will vary based on the severity of the vulnerability and the affected systems.