Here we have great news for all bug bounty hunters.
Now you can get paid up to $40,000 for finding and responsibly reporting critical vulnerabilities in the websites and mobile applications owned by Facebook that could allow cyber attackers to take over user accounts.
In the latest post published Tuesday on the Facebook page, the social networking giant announced that it has raised the monetary reward for account takeover vulnerabilities to encourage security researchers and bug bounty hunters in helping Facebook to fix high impact issues before nefarious hackers exploit them.
The announcement says:
Cybersecurity researchers who find security vulnerabilities in any products owned by Facebook, including Instagram, WhatsApp, and Oculus, that can lead to a full account takeover, including access tokens leakage or the ability to access users’ valid sessions, will be rewarded an average bounty of:
- $40,000 reward—if user interaction is not required at all
- $25,000 reward—if minimum user interaction is required
“We encourage researchers to share their proof of concept reports with us without having to also discover bypasses for Facebook defense mechanisms,” Facebook said.
“By increasing the award for account takeover vulnerabilities and decreasing the technical overhead necessary to be eligible for bug bounty, we hope to encourage an even larger number of high quality submissions from our existing and new white hat researchers to help us secure over 2 billion users.”
In recent years Facebook has paid out millions of dollars to white hat hackers under its bug bounty program for reporting flaws in its services and helping the company fix them.
The move apparently comes in response to a recent massive data breach in Facebook that allowed attackers to gather personal information of around 30 million Facebook users using stolen access tokens by exploiting a zero-day vulnerability in its “View As” feature.
If you find any vulnerability in Facebook-owned platforms, report it to the company through its bug bounty program.
2018 has been quite a terrible year for Facebook with the most significant revelation being the Cambridge Analytic scandal that exposed personal data of 87 million Facebook users.
The social network also suffered its worst-ever security breach in September that exposed highly sensitive data of 14 million users.
In June, the company suffered another issue affecting 14 million users, wherein users’ posts that were meant to be private became public.
These incidents came out to be a failure of the company in keeping the information of its 2.2 billion users protected while generating billions of dollars in revenue from the same information.