We may earn a commission when you buy through links in our articles. Learn more.

Valve will pay thousands to hackers reporting critical Steam security flaws

valve bug bounty

Valve have started offering bounties on security flaws in their services, with cash awards for hackers who come forward with identified vulnerabilities. The bounties cover Steam, Steam apps, Valve-owned web domains, Valve games, and multiplayer and economy aspects related to those games.

Not getting paid? Check our guide to free Steam games.

It’s not an uncommon practice, and Valve join tech companies as significant as Twitter and Nintendo in rewarding white hat hackers for reporting security flaws through their HackerOne board. Bug reports will be rewarded according to CVSS-ranked severity, ranging from $0-$200 on the low end up to $2,000 or more for severe and critical vulnerabilities.

The bounties only cover proper vulnerabilities, with lower key game bugs and exploits still going through Valve’s support site. In the three days since the program’s been up, over $100,000 in bounties have been paid out, with 40 hackers thanked for their assistance. Valve do ask you refrain from DDOS attacks and social engineering in your attempts to find vulnerabilities, though.

Valve seem to be gearing up for a relaunch on their web presence, with a website redesign briefly going online earlier today – teasing “top secret” new games, too – and the long-reported Steam UI redesign still coming down the pipe.