In a post on Tuesday, Facebook announced a reward for white hat hackers who find vulnerabilities that allow a full account takeover.
The announcement said:
Cybersecurity researchers who find security vulnerabilities in any products owned by Facebook, including Instagram, WhatsApp, and Oculus, that can lead to a full account takeover, including access tokens leakage or the ability to access users’ valid sessions, will be rewarded an average bounty of:
- $25,000 reward—if minimum user interaction is required
- $40,000 reward—if user interaction is not required at all
This is nothing new for Facebook; they have a history of offering money for bugs found in their systems. They have paid out millions of dollars for reporting flaws over recent years.
This $40,000 award is the largest award ever offered by Facebook. They added:
By increasing the award for account takeover vulnerabilities and decreasing the technical overhead necessary to be eligible for bug bounty, we hope to encourage an even larger number of high-quality submissions from our existing and new white hat researchers to help us secure over 2 billion users.
It’s possible that Facebook has an increased drive to secure their users’ data because of the recent controversies they have been caught up in. This year, up to 50 million accounts were exposed because of a vulnerability. Furthermore, Facebook came under scrutiny in early 2018 for not keeping control of how users’ data was handled by Cambridge Analytica, an external company they worked with; 87 million users were affected.
It’s fair to say Facebook’s reputation has taken a hit this year, and they need to be particularly vigilant with user data going forward. With 2.2 billion users, the potential for damage is huge if data is mishandled.
If you have found a bug on one of Facebook’s systems, you can get in touch with Facebook through here.