diff --git a/SECURITY.md b/SECURITY.md
index adad867ae90..aa0338df125 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -6,11 +6,12 @@ Check our website's [download page](https://roundcube.net/download/) to see whic
 
 ## Reporting a Vulnerability
 
-If you found a security issue or vulnerability of the software, please report with direct and encrypted email to *thomas[at]roundcube.net*
-and *alec[at]alec.pl*. You can find the according PGP public keys on the major public keyservers like [pgp.key-server.io](https://pgp.key-server.io).
+If you found a security issue or vulnerability of the software, please report it to [Nextcloud's HackerOne](https://hackerone.com/nextcloud).
 
 Your report should include clear steps for reproduction and a classification of the found vulnerability.
 
+If you prefer, you can also send an encrypted email message to `security [at] roundcube.net`. The [PGP key](https://roundcube.net/download/security.roundcube.net.pub)'s fingerprint is `ACFCF63232B79518E632EC4B0127B799F939816F`.
+
 ## Publishing and Credits
 
 We're dedicated to analyze and fix the reported issues as fast a possible. Usually within days we'll have an update ready.