Meta will reward reports about scraping bugs and unprotected data sets
As scraping continues to be an internet-wide challenge, the company is opening up two new areas of research for its bug bounty community.
Meta has been running a bug bounty program since 2011. Over the past ten years, the company has paid out more than $14 million in bug bounties and received more than 150K reports, of which over 7,800 were awarded a bounty.
So far this year, Meta has awarded over $2.3 million to researchers from more than 46 countries.
Meta will now reward reports about scraping bugs submitted by its Gold+ Hacker Plus researchers. Hacker Plus is Meta’s bug bounty program where researchers that submit bugs are placed into different leagues depending on the criteria that researchers meet, with Gold League being somewhere in the middle.
“The goal of this program is to find bugs that attackers utilize to bypass scraping limitations to access data at a greater scale than the product intended. Our goal is to quickly identify and counter scenarios that might make scraping less costly to execute,” Meta said.
In addition, Meta is expanding its data bug bounty program to reward reports of unprotected or openly public data sets containing at least 100,000 unique Facebook user records that include information such as email, phone number, physical address, religious, or political affiliation.
“The reported data set must be unique and not previously known or reported to Meta. If the report is valid, we will make efforts with the relevant entity to remove the data set or consider legal means to address the issue. We will reward valid reports of scraped data sets in the form of charity donations to nonprofits of our researchers’ choosing to ensure that we are not incentivizing scraping activity,” Meta said.
Facebook has been long criticized for letting third parties collect or scrape its user data, with Cambridge Analytica being the most prominent scandal. The recent Facebook data leak, where a database containing 533M Facebook users’ data resurfaced on the internet, didn’t come as a surprise, especially for its fiercest critics who are pleading for more responsibility from a social media giant.
More from CyberNews:
Subscribe to our newsletter