Sea’s security team is comprised of skilled professional security analysts, researchers, and engineers who are working to protect Sea’s customers and the broader online ecosystem.
As digital technologies rapidly advance and the world becomes more interconnected, it is more important than ever to meet the new challenges presented by threat actors or other potential cybersecurity risks. With the privacy and security of our customers as our top priority, we aim to constantly anticipate and equip ourselves to deal with increasingly sophisticated threats and vulnerabilities.
Sea’s security team helps address the security needs across multiple product lines and for Sea’s business units namely Shopee, Garena, Sea Money. As the security threat landscape evolves, effective security requires continual engagement and innovation. Sea’s security professionals are committed to continual improvement and strategic collaboration with other security partners to meet these challenges head-on.
As part of this commitment, we are excited to work with other experts in the security community. We acknowledge the invaluable role that security researchers play in protecting our customers and the broader online ecosystem.
We have partnered with HackerOne to manage our bug bounty programmes. Currently, the Sea bug bounty programmes are private and can be accessed on an invite-only basis. However, security researchers are welcome to indicate their interest in joining our bug bounty programmes at hackerone.com/sea. Alternatively, if you believe you've found a vulnerability in any of our sites or apps, you can also contact the Sea Security Response Center (SSRC) directly via email@example.com, and we will respond promptly to help you with the submission process.
When investigating any services that involve customer data, please respect the privacy of our users, i.e. confine your testing to yourself during the bug investigation process, and do not disclose any findings to others. For more information, please refer to the programme policy page.
Phishing is when malicious actors impersonate another party (such as an acquaintance or an official organization) to get the user to provide his or her personal information and account data. In these phishing communications, the sender typically asks the recipient to click on a link that takes the recipient to a page where they will be asked to confirm or disclose personal data, account information, etc.
If you receive a suspicious email (e.g., firstname.lastname@example.org) or phishing content that looks like it came from Sea or one of its businesses. Do report that email to the Sea Security Response Center (SSRC) at email@example.com. Contact us directly (not through the email you received) and ask for confirmation on the validity of the message.