Do not access (or attempt to access) any non-public data.
Do not affect or harm other users (or their access to or use of our services).
Do not perform any attack that could harm the reliability or integrity of our services or data. For example, DDoS/spam attacks are strictly prohibited.
Do not publicly disclose a vulnerability before we have resolved it.
Do not perform (or attempt) non-technical attacks, including spam, social engineering, phishing, or physical attacks against our employees, users, or infrastructure.
We'd like to thank those security researchers who have reported issues that we have since resolved. Welcome to participate and help us to protect.