Pocket is a product operated by Mozilla. If you believe you have discovered a security vulnerability in Pocket, please follow Mozilla’s bug reporting process documented on Mozilla’s Security page. For more information on how to report security vulnerabilities and how the Mozilla community will respond to such reports, see our policy for handling security bugs. We want to extend a sincere thanks to the following researchers who have generously taken the time to identify and responsibly report security incidents and keeping Pocket safe. Their work is truly appreciated. The following researchers have generously identified and responsibly reported security incidents.”]
Source: https://help.getpocket.com/article/870-pocket-security-overview