Microsoft offers up to $20,000 in Xbox bug bounty program


Microsoft is trying to make life harder for the hackers who ruin Christmas for gamers every year by knocking Xbox services offline.

The company on Thursday announced a bug bounty program that offers rewards to security researchers, gamers and technologists who report vulnerabilities in Xbox’s network and services. Submissions that demonstrate a proof-of-concept are eligible for rewards of between $500 and $20,000, depending on the severity of the vulnerability.

Unveiling a bug bounty program meant specifically to identify flaws in Xbox’s network and services comes after hackers have spent years working to disrupt the popular gaming system. The hacking group known as Lizard Squad, for instance, made its name in part by launching attacks on the Xbox network on Christmas Day, when gamers receive new systems, while others have made a sport out of stealing prominent user accounts.

While there’s no question Xbox deals with security incidents throughout the year, coming forward with this bug bounty program in January also gives Microsoft security staffers a full year to make any adjustments before the next holiday season.

The full $20,000 prize is meant for researchers who submit high-quality reports about critical vulnerabilities that could result in remote code execution, in which an attacker can make changes to a victimized machine. Elevation of privileges, meanwhile, can result in payments ranging from $3,000 to $8,000, while bypassing security features can net researchers up to $5,000. Denial-of-service attacks are out of scope under the terms of the program.

Other submissions that are not eligible for rewards could warrant recognition, an important distinction for bounty hunters who prove their authenticity by pointing to examples of public acknowledgements.