Rec Room Video Games

  • $150 – $2,500 per vulnerability

Program stats

  • Vulnerabilities rewarded 79
  • Validation within 3 days 75% of submissions are accepted or rejected within 3 days
  • Average payout $523 within the last 3 months

Latest hall of famers

Recently joined this program

1213 total

Important: Do not use vulnerability scanners on this program.

Rec Room is the best place to build and play games together. Party up with friends from all around the world to chat, hang out, explore MILLIONS of player-created rooms, or build something new and amazing to share with us all. Rec Room is free, and cross plays on everything from phones to VR headsets. It’s the social app you play like a video game!

No technology is perfect and Rec Room believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. We are excited for you to participate as a security researcher to help us identify vulnerabilities in our targets. Good luck, and happy hunting!

Support:

For bugs/issues pertaining to in game experience (that don't pose a security impact), please refer to our Submitting an In-Game Bug Report support article.

Changelog:

New updates can be found here:
https://recroom.com/ship-notes

Ratings/Rewards:

For the initial prioritization/rating of findings, this program will use the Bugcrowd Vulnerability Rating Taxonomy. However, it is important to note that in some cases a vulnerability priority will be modified due to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed explanation will be provided to the researcher - along with the opportunity to appeal, and make a case for a higher priority.

Scope and rewards

Program rules

This program follows Bugcrowd’s standard disclosure terms.

For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please submit through the Bugcrowd Support Portal. We will address your issue as soon as possible.

This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.