
Hack a PS4, and Sony might pay you $50,000


Sony has launched a bug-bounty program to reward people who discover and report security vulnerabilities affecting PlayStation 4 and the PlayStation Network. 

The Japanese tech giant has partnered with bug bounty platform HackerOne to manage the programme, and is offering cash rewards at different levels, with the highest, for "critical" flaws in the PS4, starting at $50,000. 

The news was confirmed by Sony’s Geoff Norton, who wrote in a blog post: “At PlayStation, we are committed to providing gamers all over the world with great experiences. 

“I’m happy to announce today that we have started a public PlayStation Bug Bounty program because the security of our products is a fundamental part of creating amazing experiences for our community,” Norton added. “We believe that through working with the security research community we can deliver a safer place to play.”

Rewarding the security community

Norton said the programme was open to the “security research community, gamers, and anyone else to test the security of PlayStation 4 and PlayStation Network”.

According to Sony, the scheme predominantly focuses on vulnerabilities affecting the PlayStation 4 hardware, operating system, accessories and PlayStation Network.

“For the PlayStation 4 system, accessories and operating system, we will accept submissions on the current released or beta version of system software,” explained Sony on its HackerOne page.

When it comes to the PlayStation Network, Sony is particularly interested in reports of security issues concerning the following domains:

  • *.playstation.net
  • *.sonyentertainmentnetwork.com
  • *.api.playstation.com
  • my.playstation.com
  • store.playstation.com
  • social.playstation.com
  • transact.playstation.com
  • wallets.api.playstation.com

Different rewards

Although the programme is geared towards PlayStation 4 flaws, Sony will consider out-of-scope reports too.

It said: “PlayStation may at its discretion accept submissions on earlier versions of system software on a case-by-case basis.”

For the rewards, Sony said the amounts “will differ based on vulnerability severity” and the “quality of the report”. It’ll only consider a “previously unreported” vulnerability.

The reward amounts are categorised by severity as critical, high, medium and low, with researchers able to claim rewards starting at $3,000 for critical PlayStation Network vulnerabilities and starting at $50,000 for critical PlayStation 4 vulnerabilities.

To alert Sony to a PS4 security vulnerability and be considered for a cash reward, researchers are asked to create an account on HackerOne and submit a report via the platform.

In April 2011, the PlayStation Network was hacked by still-unknown intruders, who made off with the account records of 77 million users. Sony shut down the network for more than three weeks while it cleaned things up.