Sony launches PlayStation bug bounty program with rewards of $50K+

Sony will pay security researchers for bugs in the PlayStation 4 gaming console, its operating system, official PS4 accessories, but also the PlayStation Network and related websites.

Sony PlayStation

Image: Lee Paz on Unsplash

Sony launched today a bug bounty program for the PlayStation Network and the PlayStation 4 gaming console, a company spokesperson told ZDNet.

The program aims to reward security researchers who find bugs in PlayStation-related devices and websites and report them to Sony's security team to have them patched before getting exploited.

Sony says it plans to pay security researchers between $100 and up to $50,000 (or even higher) for vulnerabilities reported in the company's products.

Eligible services include the Sony PlayStation 4 gaming console, its operating system, official PS4 accessories, but also the PlayStation Network and related websites.

psn-bug-rewards.png

Sony's new vulnerability rewards program (VRP, also known as a bug bounty program) will be managed through HackerOne, a platform that hosts bug bounty programs for some of the world's largest companies, such as PayPal, Twitter, Snapchat, Shopify, General Motors, Slack, and Uber.

Before making its bug bounty program public today, the company has been running a private invite-only VRP since last year, the company said.

Last of the big three, but the biggest rewards

Sony is the last of the big three major gaming companies to launch an official bug bounty program. Nintendo was the first company to launch one in 2016, followed by Microsoft for its Xbox gaming platform in January 2020.

While Sony was the last one to the party, the company is offering by far the biggest rewards, with a top bounty of $50,000+, compared to only $20,000 offered by both Microsoft and Nintendo.

In the grand scheme of things, Sony has a real interest in securing its gaming platforms. Hackers have been heavily targeting gaming accounts, which they usually abuse for fraud or put up for sale online, on underground hacking forums.

Earlier this year, in April, hackers abused a vulnerability in an old Nintendo authentication mechanism to hijack more than 160,000 user accounts (number later updated to 300,000).