24 new bugs closed on PlayStation’s HackerOne bug bounty program, most likely related to PSN

PlayStation’s page on HackerOne has had new bounties paid out this week, for what appears to be up to 24 bugs found and disclosed by hackers mghack123.

Ranging from $100 to $400 bounties, it appears that these vulnerabilities are for the PlayStation Network (possibly, its website) rather than security risks on the PS4 or PS5 consoles (for which bounties are typically higher, starting at $500).

Furthermore, looking at mghack123’s profile on HackerOne, the security researcher has received bounties in the past from a variety of companies including Alibaba, AirBnB, Yahoo, Paypal, and more. This looks like the profile of someone who specializes in network security as a whole, rather than PlayStation in particular (let alone its consoles).

HackerOne bug bounty – Still no PS4/PS5 Jailbreak in sight

In other words, these vulnerabilities would most likely not have been useful in the context of a PS4 or PS5 Jailbreak, however we can hope that their discovery has helped making the PSN more secure. Considering that payments happen on that platform, and that Sony’s history is less than stellar, it’s great to know some people are looking for these vulnerabilities in order to get them patched.

Since opening to the public in 2020, PlayStation’s HackerOne bounty program has ben controversial on the homebrew scene: some see it as a way for both Sony to protect their platform and Homebrew enthusiasts to get Jailbreaks down the line as bugs get disclosed, others see it as a way for security researchers to sell their exploits instead of sharing them with the community. A handful of bugs reported to PlayStation through this program ended up being disclosed and ported to the Jailbreaks we know and use today on PS4 and PS5, although it’s difficult to gauge if the scene would have been in a better or worse state without this bug bounty program.