Security

Security is a core part of how we build and operate heylogin. Transparency is extremely important to us, which is why we openly share security reports, audits, and relevant disclosures. This page provides a clear overview of our ongoing security updates and history.

Security Updates

We also post security updates on our status page. Subscribe to get notified as soon as new updates are published.
‍
Current status
Visit status.heylogin.com
‍
Get security updates by email
Subscribe for updates‍

Vulnerability Reporting

Please report vulnerabilities via email in line with our Vulnerability Disclosure Policy. You can encrypt details using our OpenPGP key.
‍‍
Read our VDP
Vulnerability Disclosure Policy

Found a vulnerability?
Report via security@heylogin.com

OpenPGP key
327E E095 BDC1 BD81 631C 8D82 2949 0F2D 481F 4E59

Previous security updates

August 21, 2025

Report

Analysis of DOM-based Extension Clickjacking

At DEF CON 33, a new attack called DOM-based Extension Clickjacking was presented. In this report, we show in what way heylogin is affected and why there are no critical risks.

December 21, 2023

Report

AutoSpill vulnerability on Android: heylogin is not affected

Recently, the new AutoSpill vulnerability on Android devices was made public. Read this report to find out how it works and how heylogin provides security.