1. Home
  2. Bug Bounty Programs
  3. Nintendo
HackerOne · Bug Bounty

Nintendo Bug Bounty Program

Complete guide to Nintendo's bug bounty program on HackerOne. View in-scope assets, reward amounts, response times, and tips for finding vulnerabilities.

Program Overview

Nintendo runs a bug bounty program on HackerOne. The program has 7 in-scope assets.

7
In-Scope Assets
90%
Efficiency
48d
Avg Bounty Time

In-Scope Assets

AssetTypeMax SeverityEligible
Nintendo Switch 2 Kernel / ARM® TrustZone®HARDWARECriticalBounty
Nintendo Switch 2 Security controller known as PSC or Platform Security Controller (any component) / Security controller known as TSEC (bootROM only)HARDWARECriticalBounty
Nintendo Switch 2 System ProcessesHARDWARECriticalBounty
Nintendo Switch 2 System Processes allowing piracyHARDWARECriticalBounty
Nintendo Switch 2 applications for which Nintendo is the publisher worldwideHARDWARECriticalBounty
Nintendo Switch SystemHARDWARECriticalBounty
Nintendo Switch applications for which Nintendo is the publisher worldwideHARDWARECriticalBounty

Out-of-Scope Assets

  • Nintendo 3DS System
  • Nintendo 3DS applications for which Nintendo is the publisher worldwide

Tips for Hacking Nintendo

  1. Read the policy — Understand what's in scope, out of scope, and any specific testing restrictions before you start.
  2. Enumerate the attack surface — Use subdomain enumeration and directory bruteforcing to map all accessible endpoints.
  3. Focus on high-impact bugs — Look for SQL injection, SSRF, and IDOR vulnerabilities first.
  4. Test authentication flows — Check for OAuth misconfigurations and CSRF in login/signup flows.
  5. Write clear reports — Include steps to reproduce, impact assessment, and suggested remediation. Use Burp Suite to capture evidence.

Frequently Asked Questions

How do I start hacking Nintendo?

Sign up on HackerOne, read the program policy carefully, review the in-scope assets listed above, and start testing. Always stay within scope and follow responsible disclosure guidelines.

Does Nintendo pay bounties?

Yes, Nintendo offers monetary rewards for valid security vulnerabilities.

What types of vulnerabilities does Nintendo accept?

Nintendo accepts reports for vulnerabilities found in their 7 in-scope assets. Common accepted vulnerability types include XSS, SQL injection, SSRF, IDOR, authentication bypass, and RCE. Check the program policy for specific exclusions.

Similar Programs on HackerOne

Superhuman (formerly Grammarly)

HackerOne · Bug Bounty · 24 assets

HCL Software Inc.

HackerOne · VDP · 48 assets

Quora

HackerOne · Bug Bounty · 4 assets