Runstatic.com /Adidas VDP or Bugbounty Contact

Hello fellow [email protected]$,

I’m trying to reach sec guys at runstatic.com / Adidas. I found a couple of medium and a critical issue in their website, however I know about their Log4J program at BugCrowd, unfortunately they don’t accept reports other than L4J vulnerabilities.

If anyone kind enough to lead me to reach sec guys at Adidas or Runstatic, it would be really helpful.

Thanks in advance.

I sent a DM to the CISO (no mutuals) on LinkedIn and a Senior Manager at Adidas, with a link to this page, hopefully they’ll jump on here and provide some contacts.

A log4j-program-only sounds flat out ridiculous lol, hope your research will enlighten them otherwise!

If I hear back from either of them I’ll DM you their details, or hopefully adidas will just reply here :slight_smile:

1 Like

Great, thanks a lot.

Hey @ifconfig-me i spoke to adidas, they’re going to reach out but, I’ve just seen this:

[email protected]

Have you tried this email yet?

1 Like

Hi @ifconfig-me,

Greetings from the adidas IT Security team.

We have a private bug bounty program, you are welcome to share the Adidas or Runtastic application security vulnerability details (such as description, POC and screenshots, etc.) with us via email - [email protected] or [email protected]

Thank you.
adidas Security Team

1 Like

Thanks a lot @sickcodes, appreciate your help.

Hey @AdidasSecurityTeam, thank you very much, will submit my finding asap.

Thanks again,
S.