Facebook (Meta) expands bug bounty program to combat scraping

Written by Emma Davis

Meta’s security team (formerly Facebook) announced that it is expanding its bug bounty program to cover scraping attacks and the unauthorized collection of user data.

From now on, the company will pay cybersecurity researchers who discover holes in its anti-scraping tools that allow attackers to collect user information, even if this data is publicly available and is simply listed in profiles. Rewards for such bugs start at $500.

In addition, the company said it will reward researchers who find, anywhere on the Internet, data of Facebook users that was previously collected through scraping.

“The dataset you are reporting must be unique, previously unknown to Meta. If we confirm that the user’s PII has been retrieved and is now available online on a non-Meta site, we will work to take appropriate action, which may include working with an appropriate organization to remove that dataset or seeking legal remedies to resolve problems,” explains Dan Gurfinkel, security manager at Facebook.

Such dumps must contain at least 100,000 user records and details such as email addresses, phone numbers, physical addresses, information about religious or political views, and any personal and confidential information specified in user profiles. It doesn’t matter if the data was collected by a cybercriminal or an application developer, since Meta intends to fight all illegal data collection on its platform.

To avoid situations where bug hunters themselves scrape data from Facebook and then leak it online (to earn rewards), the company said it would not pay for such reports. Instead, Facebook plans to donate $500 or more to a charity of the researcher’s choice.

I must say that data scraping has long been an acute problem for Facebook. For example, in the spring of this year, a hacker put up for sale the data of 533 million Facebook users, collected in this way. At that time, Facebook representatives said that they had disabled the Contact Importer feature, which the scraper abused, back in September 2019, when they discovered that attackers were using it.

In October 2021, Facebook filed a lawsuit against a Ukrainian national who, from January 2018 to September 2019, collected information about 178 million people and then leaked this information online.

Let me remind you that we also reported that Facebook expanded its bug bounty program to cover third-party services.
