The security of our systems and applications is important to us. Should you identify a potential vulnerability in any product, system, or asset belonging to IHG, we encourage you to contact us.
Provide sufficient information to enable us to investigate the potential vulnerability, including IP addresses, URLs, description of the vulnerability, and how the vulnerability was identified
Contact us immediately if you identify personal or corporate data
Avoid making copies of personal or corporate data and delete all confidential information if a vulnerability is confirmed
Do not share information about the potential vulnerability with others
Do not engage in social engineering, penetration testing, denial of service, or physical security testing
Do not participate in any activity that violates laws or regulations
IHG does not have a bug bounty program, but we appreciate you sharing potential vulnerabilities with us
What you can expect from us
We take every submission of potential weaknesses or vulnerabilities seriously and appreciate your efforts to responsibly identify and share this information with us. IHG will work to triage and resolve confirmed weaknesses and vulnerabilities based on complexity and severity.