Facebook pays millions of dollars every year to researchers and bug hunters to find security holes in its products and organization, yet it still faces security breaches. Facebook has been running its Bug Bounty program since 2011. Now, to step up its efforts to tighten the security of the platform, Facebook announced in a post on Tuesday that it has increased the average payout for account takeover vulnerabilities “to encourage security researchers to work on finding high-impact issues”.

The announcement further read, “The researchers who find vulnerabilities that can lead to a full account takeover, including access tokens leakage or the ability to access users’ valid sessions, will be rewarded an average bounty of:
- $40,000 if user interaction is not required at all, or
- $25,000 if minimum user interaction is required.

“This change applies to all products owned by Facebook, including Instagram, WhatsApp, and Oculus.

“Further, we will not require a full exploit chain in cases where leveraging the vulnerability requires bypassing our Linkshim mechanism.

“While monetary reward may not be the strongest incentive for why bug bounty researchers hack, we believe it remains a strong motivator for our white hat researchers to invest time in helping us identify and mitigate vulnerabilities. We encourage researchers to share their proof of concept reports with us without having to also discover bypasses for Facebook defense mechanisms.

“By increasing the award for account takeover vulnerabilities and decreasing the technical overhead necessary to be eligible for bug bounty, we hope to encourage an even larger number of high-quality submissions from our existing and new white hat researchers to help us secure over 2 billion users.”

For those unaware, earlier this year saw the Facebook–Cambridge Analytica data scandal, in which the personal information of 87 million Facebook users was harvested by Cambridge Analytica without their consent and used for political purposes. Later, in September this year, Facebook discovered a major security issue that allowed hackers to access information, which could allow them to take over around 50 million accounts.

Source: Facebook