If you have identified a security issue in the Rumble platform or related infrastructure, please get in touch by email via firstname.lastname@example.org. To encrypt the contents of your message, please use PGP Key ID AE96EC3E8E1F27C6.
The Rumble agent encrypts all communications with the Rumble infrastructure using TLS. You can find the SSL Labs report cards for critical services below:
Rumble uses an Extended Validation Authenticode certificate to sign all Windows executables. All Rumble executables also contain an embedded ED25519 signature, which can be verified with the Rumble Verifier.
Rumble supports multi-factor authentication (MFA) for the Rumble Console through FIDO2-compatible (WebAuthn) security tokens, such as the Yubico YubiKey and the Google Titan key. This support extends to Windows Hello and mobile platform mechanisms such as fingerprint and face unlock.
Rumble supports Single Sign On (SSO) via SAML/2.0 and has been tested with Okta, Auth0, GSuite, Office365, and Shibboleth. SSO is available to all customers at no additional cost.
Rumble uses AWS (us-east-2) for all infrastructure. All storage is encrypted at rest using AWS-managed keys. User credentials are hashed using
bcrypt and encrypted using
AES-256 in GCM mode with an encryption key stored separately from the database.
Rumble has been developed with security best practices in mind. For additional details about the platform architecture and to see the executive summary of our last penetration test, please contact us by email at email@example.com.