Rec Room Video Games

  • $150 – $2,500 per vulnerability

Program stats

  • Vulnerabilities rewarded 89
  • Validation within 3 days 75% of submissions are accepted or rejected within 3 days
  • Average payout $350 within the last 3 months

Latest hall of famers

Recently joined this program

Important: Do not use vulnerability scanners on this program.

Rec Room is the best place to build and play games together. Party up with friends from all around the world to chat, hang out, explore MILLIONS of player-created rooms, or build something new and amazing to share with us all. Rec Room is free, and cross plays on everything from phones to VR headsets. It’s the social app you play like a video game!

No technology is perfect and Rec Room believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. We are excited for you to participate as a security researcher to help us identify vulnerabilities in our targets. Good luck, and happy hunting!


For bugs/issues pertaining to in game experience (that don't pose a security impact), please refer to our Submitting an In-Game Bug Report support article.


New updates can be found here:


For the initial prioritization/rating of findings, this program will use the Bugcrowd Vulnerability Rating Taxonomy. However, it is important to note that in some cases a vulnerability priority will be modified due to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed explanation will be provided to the researcher - along with the opportunity to appeal, and make a case for a higher priority.

In-game Items


As a thanks for keeping Rec Room secure, we are also rewarding exclusive in-game items in addition to cash. We will reach out to coordinate receiving rewards very soon.

Item Requirements

Requirement Reward
Submission was rewarded points Hackola
25 points earned total Hacker Jacket (white)
50 points earned total Hacker Hat (white)

Collaborator Points Bonus

For any submission with collaborators, the points given will be doubled and capped at total number of points rewarded for the given priority. For example, Researcher A is getting 60%, and Researcher B is getting 40%. The submission is rewarded a total of 20 points. Researcher A gets 12 points, and Researcher B gets 8 points. With item rewards, we will count these points as 20 points for Researcher A, and 16 points for Researcher B. Please note that if you have collaborated, your total points in our program does not include our bonus.

Scope and rewards

Program rules

This program follows Bugcrowd’s standard disclosure terms.

For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please submit through the Bugcrowd Support Portal. We will address your issue as soon as possible.

This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.