Quick Contact

Talk to our team

Social

fb-footer
instagram-footer
Twiiter
youtube-footer
linkedin-footer
Blog --------

A Guide To PlayStation Bug Bounty Program: Unlocking the Secrets

Share
The playstation bug bounty program

Sony PlayStation 4 is one of the most widely used gaming consoles. The other major competitor is the Xbox One by Microsoft. Being a gaming console doesn’t mean that it is free from exploitable vulnerabilities. The recent rise of cyber attacks on different platforms has pushed Sony to roll out bug bounty programs.

Introduction of the Bug Bounty Program

Like many other companies, Sony also had a private bug bounty program exclusive to a few select security researchers. It all changed in June. On June 24th, Sony announced a public bug bounty program open to all in collaboration with HackerOne.

The bounties are restricted to reports that pertain to a few domains of the PlayStation Network and in the case of the PS4 system, it is valid only for those about the current or beta version of the system software. The program doesn’t accept social engineering attacks, DDoS attacks, or issues about game software among others. While Sony hasn’t mentioned any specific reasons to bring in such a change, they mentioned that they’ve understood the valuable role that the research community plays in enhancing security. It basically translates to Sony keeping an eye out for their security in light of the increasing number of cyberattacks.

Accepted Vulnerabilities

Sony has released a list of accepted vulnerabilities that are accepted for the bug bounty program. The domains that are in scope for vulnerabilities in regard to the PlayStation Network are:

  • *.playstation.net
  • *.sonyentertainmentnetwork.com
  • *.api.PlayStation.com
  • my.playstation.com
  • store.playstation.com
  • social.playstation.com
  • transact.playstation.com
  • wallets.api.playstation.com

If you have a look at the domains mentioned in this list, all these deal with the core aspects of the PlayStation Network. External links and ads to other sites aren’t included unless they interact with the domain. Sony accepts reports on the PlayStation 4 system, operating system, and accessories when it comes to the console. The vulnerabilities include

  • Cross-Site Request Forgery (CSRF)
  • Cross-site Scripting (XSS)
  • Unauthorized Cross-Tenant Data Tampering or Access (for multi-tenant services)
  • Insecure Direct Object References
  • Injection Vulnerabilities
  • Authentication Vulnerabilities
  • Server-Side Code Execution
  • Privilege Escalation
  • Significant Security Misconfiguration (when not caused by user)
  • Directory Traversal
  • Information Disclosure
  • Open Redirects
  • Sony Product Vulnerabilities (specific to the Sony designed/controlled components of the product)

Read More: How To Create Strong Passwords

Out-of-Scope Vulnerabilities

Sony doesn’t accept vulnerabilities in any other Playstation Network domain other than the 8 ones that are mentioned. Extra information about open-source vulnerabilities that have been made public for less than 7 days is also not accepted. Sony also doesn’t accept social engineering attacks aimed at internal employees, physical attacks, scanner reports including any automated exploitation tool. Network vulnerabilities are exploited by DDoS attacks, clickjacking, and HTTP flags among others.

Rewards

Until this point, the average bounty offered is 400$ and the total payout last disclosed was 177,500$. Sony has promised up to 50,000$ for severe vulnerabilities dealing with the PS4 and 3000$ for those to do with the PlayStation Network. The highest disclosed bounty so far is for 10,000$ was one to do with the exploitation of the Webkit browser engine. The vulnerability had a severity score of 7-8.9.

Read More: All About Bug Bounty Hunting

Webkit Browser Engine Exploitation

The vulnerability was disclosed on July 6 by a popular developer Nguyen. He announced it on his Twitter handle @thefow0. The Webkit engine had an earlier vulnerability found on PS4 firmware version 6.20. The exploit is done by establishing an arbitrary read/write and an arbitrary object address leak in wkexploit.js. The attack is progressed by setting up a framework to run ROP chains in index.html.

This generates two hyperlinks by default to test ROP chains. This was fixed in 6.50 firmware. As per the information on Nguyen’s Twitter account, he announced that the new vulnerability exists on systems running firmware 7.02 or earlier. According to him, the kernel exploit works in tandem with a Webkit exploit which preexists on firmware 6.72 or older.

He also discovered a vulnerability in the firmware version 6.02 a few months ago. He says that this was caused by missing locks in the IPV6_2292PKTOPTIONS option of set sockopt, which allows the attackers to race and free the struct ip6_pktopts buffer, while it is being handled by ip6_setptopt. Being one of the top paid vulnerability disclosure programs open for all, this is a good arena for people with enough exposure. It is also a good way for beginners to earn some credibility, provided that they can find bugs.

Similarly, the Play Station 5 is launched, this year is also expected to follow suit by rolling out a similar program immediately after the launch. This translates into continuous opportunities for those familiar and well-knowledged in the inner workings of the console and their gaming network.

Interested to learn more about the various bug bounty programs and their top contributors? Follow our blog to keep yourself updated with the latest trends in cybersecurity. 

Join 15,000+ Cybersecurity Innovators

Protect. Comply. Lead.

Secure your stack, stay compliant, and outpace threats with concise, field‑tested guidance on VAPT, cloud security, and regional privacy laws delivered by Wattlecorp’s
trusted advisors across the globe.

Leave a Comment

Your email address will not be published. Required fields are marked *

personal data privacy compliance Qatar Qatar Personal Data Privacy Compliance: Security Controls for Data Protection Readiness

Key Takeaways: Qatar’s Personal Data Privacy Protection Law applies to organizations that process personal data within its scope, including many businesses handling personal data of individuals in Qatar. Non-compliance isn’t just risky; it can result in hefty fines, operational chaos, and serious damage to your company’s reputation. Personal data privacy compliance Qatar isn’t just about […]

Read more >>
Azure server hardening UAE Azure Server Hardening for UAE Businesses: Securing Microsoft Cloud Against Misconfigurations

Key Takeaways: Azure server hardening UAE addresses the fundamental shared responsibility gap many organizations struggle with where Microsoft secures the cloud platform itself, but your organization must secure everything running on it, from configurations to identities to access controls. When Azure misconfigurations go unnoticed, they don’t quietly sit there. They actively create exploitable pathways, which […]

Read more >>
security architecture review Security Architecture Review for Saudi FinTech Platforms: Identity, API and Cloud Controls   

Key Takeaways: Security architecture review determines that whether security enables or blocks your FinTech growth in Saudi Arabia. It focuses on the differences between confidently saying yes to new partners versus constantly hitting the security roadblocks. Your security tools only work if they’re connected. Identity systems, API gateways, and cloud controls need to feed into […]

Read more >>
SOC 2 vs ISO 27001 in India SOC 2 vs ISO 27001 in India: Which Compliance Framework Does Your SaaS Company Need in 2026

Key Takeaways: Choosing between SOC 2 and ISO 27001 isn’t just about getting a badge. It directly impacts your sales pitch, how customers trust you, and whether you can crack enterprise markets globally. SOC 2 is your quick win if you’re selling to US customers. Most enterprise buyers won’t even look at you without it. […]

Read more >>
AWS server hardening UAE AWS Server Hardening for UAE Enterprises: CIS Benchmark and UAE IA Compliance Guide    

Key Takeaways: If you’re running a bank, fintech, healthcare provider, government contractor, or handling sensitive data in the UAE, AWS server hardening is critical for both security and compliance readiness. You’re responsible for your own security. AWS protects their infrastructure, but you must secure everything running on it: your EC2 instances, user permissions, network access, […]

Read more >>
Compromise Assessment for UAE   Compromise Assessment for UAE Enterprises: How to Find Out If You Have Already Been Breached 

Key Takeaways: Compromise Assessment for UAE enterprises is an evidence-based investigation that determines whether attackers have already accessed your systems, replacing assumptions with documented proof of what happened in your infrastructure. Hidden compromise costs more to remediate the longer it remains undetected, making early investigation critical for minimizing financial impact, regulatory exposure, and customer trust […]

Read more >>