Tuesday, October 16, 2018



Facebook faced a lot of heat because of the Cambridge Analytica scandal that violated millions of Facebook users’ privacy. Since then, Facebook has been making constant efforts to make the platform more secure and authentic.
As a part of those efforts, earlier this year, Facebook launched a Data Abuse Bounty Program, which includes rewarding researchers for reports where “a Facebook platform app collects and transfers people’s data to another party to be sold, stolen, or used for scams or political influence.”
Four months later, it is being expanded into a Bug Bounty Program that will offer cash rewards starting from at least $500 to researchers who find bugs in a third-party app that involve “improper exposure of Facebook user access tokens.”
Tokens are created when you log into an app using your Facebook account. You decide what information the app can access at the time of login. If those tokens are compromised, your data can be misused, and that is what Facebook wants to prevent at all costs.
Once a researcher reports a vulnerability in a third-party app, the report goes in for review, and if the flaw is confirmed, the platform will contact the app developer to fix it. Meanwhile, the app will be suspended from Facebook.
As for the cash rewards, $500 is the starting amount, and if the issue is more extreme, the reward will increase. If more than one person reports a bug in the same app, the reward will go to the person who reported it first. Also, if the researcher doesn’t want the money and would like to donate it to charity, Facebook will double the reward and donate it.
With midterm elections so near, Facebook is pulling out all the stops to ensure that the elections run smoothly. This cash reward program is meant to give researchers an incentive to be more observant and careful so that they notice these vulnerabilities in third-party apps.
One thing that Facebook emphasized was that a report will only be acceptable “if the bug is discovered by passively viewing the data sent to or from your device while using the vulnerable app or website.” You can’t “manipulate any request sent to the app or website from your device, or otherwise interfere with the ordinary functioning of the app or website in connection with submitting your report.”

