Rec Room Video Games

  • $150 – $2,500 per vulnerability

Program stats

  • Vulnerabilities rewarded 42
  • Validation within 4 days 75% of submissions are accepted or rejected within 4 days
  • Average payout $412.50 within the last 3 months

Latest hall of famers

Recently joined this program

Important: Do not use vulnerability scanners on this program. Also, do not use custom scripts and fuzzing tools on this program unless it is for targeted, specific testing, and then only at less than six requests per second. Please also limit this type of testing to 9 am - 6 pm PST Monday - Friday to minimize disruption.

Rec Room is the best place to build and play games together. Party up with friends from all around the world to chat, hang out, explore MILLIONS of player-created rooms, or build something new and amazing to share with us all. Rec Room is free, and cross plays on everything from phones to VR headsets. It’s the social app you play like a video game!

No technology is perfect and Rec Room believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. We are excited for you to participate as a security researcher to help us identify vulnerabilities in our targets. Good luck, and happy hunting!

Changelog:

New updates can be found here:
https://recroom.com/ship-notes

Ratings/Rewards:

For the initial prioritization/rating of findings, this program will use the Bugcrowd Vulnerability Rating Taxonomy. However, it is important to note that in some cases a vulnerability priority will be modified due to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed explanation will be provided to the researcher - along with the opportunity to appeal, and make a case for a higher priority.

Scope and rewards

Program rules

This program follows Bugcrowd’s standard disclosure terms.

For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please email support@bugcrowd.com. We will address your issue as soon as possible.

This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.