Bunnings



At Bunnings, it’s important to us that our customers feel safe and secure when they are shopping with us, which is why we are always striving to ensure the highest possible online security.

We have a structured approach to information security in the development and management of our systems. However, if you think you’ve identified a possible flaw in our security or system management while using our website, we would love to hear from you. If you are a security researcher or have discovered a vulnerability

What to report

Please contact us to report vulnerabilities in any of our services, such as cross-site scripting, encryption flaws or others with implications in logic controls.

How to report

Please send us an email at responsible-disclosure@bunnings.com.au

We prefer that you use our public PGP key to encrypt and protect the information you share with us. Please include the following details:

  • A thorough description of the matter you have identified, including information such as the URL and type of issue
  • The relevant and necessary information we need to reproduce the issue
  • If applicable, include screenshots
  • Your contact information including name, email, phone number (if you do not wish to provide your personal information, you may contact us anonymously)

What’s not allowed?

While we encourage security research on our products and services, the following types of research are strictly prohibited:

  • Accessing or attempting to access accounts or information you are not authorised to access
  • Any attempt to modify or destroy data
  • Sending unsolicited or unauthorised email or other type of message
  • Posting, transmitting, uploading, linking to, sending or storing malware that could impact our services, products or customers
  • Exfiltration or disclosure of any data
  • Any physical attempts to gain access to Bunnings property or data centres
  • Any attempt at a denial of service (DoS)

Any activity or attempt to use or profit from unauthorised access to Bunnings’ systems or information is in violation of law.

What not to report

This service is not for highlighting errors in text, questions about our services or general questions about the security of our services. We thank you for taking the time to get in touch with our team and we always appreciate the insights our customers are able to share with us.