Everything you need to know about the PlayStation Bug Bounty Program

Can you really make $50,000 for finding a single bug?

PlayStation 4 Error Codes

Image via Sony

Are you a white hat hacker looking for work? Or has your PlayStation 4 just happened crash? Sony Interactive Entertainment will now pay anyone for finding bugs with both the PlayStation 4 and the PlayStation Network. Partnering with the popular bug bounty platform HackerOne, PlayStation has leaned heavily into the concept, putting $50,000 up for grabs. But there’s a bit more to it than that. Here’s everything we know about the Bug Bounty Program.

What to report

PlayStation is looking for users to report vulnerabilities only about the PlayStation 4 and the PlayStation Network, meaning no older systems or other Sony products are included in this program. This means if you happen to come across a bug through normal use, or intentionally if you are testing for vulnerabilities, you can submit a report for a reward. Any vulnerabilities related to the PlayStation 4 system, operating system, or accessories can be reported.

The following PlayStation Network domains are all also included in the program:

  • *.playstation.net
  • *.sonyentertainmentnetwork.com
  • *.api.playstation.com
  • my.playstation.com
  • store.playstation.com
  • social.playstation.com
  • transact.playstation.com
  • wallets.api.playstation.com

Rewards for reports

PlayStation has been hammering home the potential for a $50,000 reward, but not every report will get that. Here is a breakdown of the reward tiers for different kinds of reports:

CriticalHighMediumLow
PlayStation 4$50,000$10,000$2,500$500
PlayStation Network$3,000 $1,000 $400 $100

It is worth noting that it is within PlayStation’s sole discretion to determine whether a reward will be awarded or not. Nevertheless, through HackerOne’s platform, they are being transparent about the program’s statistics and are definitely paying out.