Rockstar Games, makers of Grand Theft Auto, Red Dead Redemption and other wildly popular video games, has launched a bug-bounty program.
Having run a private bug-bounty program for more than nine months, Rockstar has already tapped the hacker community for help in targeting the most readily identifiable types of vulnerabilities found across its network. The results have been positive, with participants identifying and closing more than 150 vulnerabilities for more than $85,000 in bounties paid.
Rockstar is now ready to take the next step, opening the program to the public in order to seek help from the broader hacker community. It offers a minimum bounty for successful vulnerability submissions of $150. Depending on the severity and complexity of the identified potential vulnerability, higher bounties may be paid out—and some participants have been paid as much as $1,000 per flaw.
“We encourage you to hunt for bugs in support.rockstargames.com, which is run on top of the Zendesk platform,” the company said on its bounty page. “The privacy, security and experience of our users are of the utmost importance. Under no circumstances may any testing target or negatively affect our users. You must use only accounts you own and/or created specifically for testing purposes.”
The domains up for probing are: www.rockstargames.com; socialclub.rockstargames.com; lifeinvader.com; rockstarnorth.com; prod.ros.rockstargames.com; prod.conductor.ros.rockstargames.com; prod.telemetry.ros.rockstargames.com; prod.cloud.rockstargames.com; prod.hosted.cloud.rockstargames.com; media.rockstargames.com and patches.rockstargames.com.
Grand Theft Auto last August became the latest gaming victim of a breach when the personal details of an estimated 200,000 gamers were discovered being traded online. Its forum database had been compromised and email addresses, hashed passwords and “any other details you may have saved in your profile” could be in the hands of the hackers. The site admin forced a password reset and urged all users to change any credentials on sites with which they share the same password.