Bug Bounties

Rockstar Games

Powered by: 

Allows bounty splitting: 

Average time to first program response: 

Average time to bounty awarded null: 

Average time to report resolved: 

Handle rockstargames

Managed program: true

Name: Rockstar Games

Offers bounties: true

Offers swag: false

Response efficiency percentage: 100

Submission state: open

Url: https://hackerone.com/rockstargames

Website: http://www.rockstargames.com/

In scope:

  • Asset identifier: *.rockstargames.com
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: Some subdomains excluded. See the rest of the scope table below.
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: Rockstar Games Launcher
  • Asset type: DOWNLOADABLE_EXECUTABLES
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: lifeinvader.com
  • Asset type: URL
  • Availability requirement: low
  • Confidentiality requirement: low
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: low
  • Max severity: medium



  • Asset identifier: prod.ros.rockstargames.com
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: rockstarnorth.com
  • Asset type: URL
  • Availability requirement: low
  • Confidentiality requirement: low
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: low
  • Max severity: medium



  • Asset identifier: socialclub.rockstargames.com
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: store.rockstargames.com
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: Please note that the checkout/payment process go through the Xsolla platform. If you believe you have found a vulnerability in the checkout/payment process, please confirm first whether the vulnerability is in the general Xsolla platform, or our specific implementation.
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: support.rockstargames.com
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: Vulnerability reports for support.rockstargames.com may not be awarded bounties if it is discovered that the root vulnerability lies in Zendesk's code. Hackers are encouraged to submit such reports to [Zendesk's bug bounty program](https://hackerone.com/zendesk).
  • Integrity requirements: 
  • Max severity: critical