Xbox Live has never suffered a major hack, and Microsoft would like to keep it that way, in part by rewarding people who report vulnerabilities in the gaming network with cash.

“The Xbox Bounty Program invites gamers, security researchers, and others around the world to help identify security vulnerabilities in the Xbox Live network and services and share them with the Xbox team,” the company stated yesterday on the new program’s launch page. “Qualified submissions are eligible for bounty rewards of $500 to $20,000 USD.”

To be eligible for the rewards, submissions will need to meet two criteria. First, the reported vulnerability needs to be original and reproducible in the latest version of Xbox Live. Second, it needs to include a clear guide for how Xbox Live network engineers can replicate the issue.

More severe issues, like being able to remotely execute code, have the potential to net the largest payouts, while spotting issues related to general tampering or the disclosure of network information sits at the lower end. Interestingly, the quality of the report has a huge impact on the reward, with “low quality” ones cutting potential prizes in half. In other words, don’t turn in sloppy homework.

While this is the first time Microsoft has rolled out a bug bounty for Xbox Live, The Verge reports the company’s had one in place for Windows since 2017. Other video game companies like Valve and Rockstar Games also have similar programs, as do the other console manufacturers.

Nintendo’s maximum payout for its bounty program is also $20,000, although no one has yet collected that much. Sony, on the other hand, only gives out t-shirts that say “Secure@Sony Finder” on them. Notably it was Sony’s PlayStation Network that went down for 23 days after the service was hacked in 2011.