The social network would pay up to $40k USD for reporting errors that allow a single account takeover
Amid an image crisis caused by criticism from users and regulatory authorities over its data protection policy, Facebook has announced the expansion of its bug bounty program for experts in ethical hacking and digital forensics. White hat hackers could earn up to $40k USD for reporting a single bug, depending on its severity and the user interaction required.
The announcement was posted on the company’s bounty program page, where Facebook has invited ethical hackers to try to get into its platform in any conceivable way, looking for never-before-seen bugs before malicious hackers find them. Although the Facebook bounty program has been active for over 7 years, the social network has never been free of attacks or information leaks. According to experts in digital forensics from the International Institute of Cyber Security, this is the company's most recent effort to avoid further security incidents that threaten its image and business model.
“To encourage security investigators to work on the search for high-impact security issues, we have increased the average payment of account theft errors. Our goal is to ensure that these vulnerabilities, like the one revealed last September, come to Facebook's knowledge in a timely and responsible way,” the company’s statement says.
The company will now pay $40k USD if the bug does not require user interaction for its exploitation, while the payment for bug reports requiring minimal user interaction would reach $25k USD.
According to experts in digital forensics, this program will be extended to other services owned by the social network, including Instagram, WhatsApp and Oculus. Ethical hackers will not be required to present a full exploit chain if the process requires bypassing Facebook's Linkshim mechanism. The company wants hackers to be able to share a proof of concept of the bug without having to violate additional security layers.
“By increasing the rewards for account theft vulnerabilities and decreasing the required technical load in each bug report, we expect to receive a greater number of submissions for the bounty program, increasing the quality of the work of research in collaboration with white hat hackers, helping to protect more than 2 billion users from the different Facebook services,” the statement concludes.