Hello Intigriti Researchers,

This is an update on the scope of our program.

We are temporarily removing any bugs that require an OVO Energy account from the scope. This is due to us being unable to currently offer testing accounts to Intigriti or to our team members to validate findings which has allowed for duplicates to slip through the net, resulting in double payment. As I'm sure you can understand, this is not beneficial to the ongoing validity of the program or to the organisation.

We are, however, going through the process of getting secure accounts for testing purposes set up so we will be able to amend the scope and allow these bugs to be found once this has been officialised. Once we have these accounts, we will make sure to spread the details and be able to track these issues in a sanctioned way.

Please cease using any OVO Energy accounts that you may have set up for research purposes, using your @intigriti.me email address.

We thank you all for the hard work you've put into this program and greatly appreciate all of your findings.

Happy Hunting,
Russ Petch

Hello Intigriti Researchers,

This is a note to inform you that there has been a slight scope update. We have changed the wording around credentials provided from: "None provided. Researchers are free to self sign up to any applications in scope." to "None provided. Researchers are free to self sign up to any applications in scope using @intigriti.me email addresses.".

This will help us aid our internal segregation of bounty hunter activity from malicious attackers.

We thank you all for your great work so far on our Program.

As always - Happy Hunting,
Becca Liddle