Here we have great news for all bug bounty hunters.
Now you can get paid up to $40,000 for finding and responsibly reporting critical vulnerabilities in the websites and mobile applications owned by Facebook that could allow cyber attackers to take over user accounts.
In the latest post published Tuesday on the Facebook page, the social networking giant announced that it has raised the monetary reward for account takeover vulnerabilities to encourage security researchers and bug bounty hunters to help Facebook fix high-impact issues before nefarious hackers exploit them.
The announcement says: Cybersecurity researchers who find security vulnerabilities in any products owned by Facebook, including Instagram, WhatsApp, and Oculus, that can lead to a full account takeover, including access token leakage or the ability to access users' valid sessions, will be rewarded an average bounty of:
- $40,000 reward—if user interaction is not required at all
- $25,000 reward—if minimum user interaction is required
"We encourage researchers to share their proof of concept reports with us without having to also discover bypasses for Facebook defense mechanisms," Facebook said.
"By increasing the award for account takeover vulnerabilities and decreasing the technical overhead necessary to be eligible for bug bounty, we hope to encourage an even larger number of high quality submissions from our existing and new white hat researchers to help us secure over 2 billion users."
In recent years Facebook has paid out millions of dollars to white hat hackers under its bug bounty program for reporting flaws in its services and helping the company fix them.
The move apparently comes in response to a recent massive data breach in Facebook that allowed attackers to gather personal information of around 30 million Facebook users using stolen access tokens by exploiting a zero-day vulnerability in its "View As" feature.
If you find any vulnerability in Facebook-owned platforms, report it to the company through its bug bounty program.
2018 has been quite a terrible year for Facebook, with the most significant revelation being the Cambridge Analytica scandal that exposed personal data of 87 million Facebook users.
The social network also suffered its worst-ever security breach in September that exposed highly sensitive data of 14 million users.
In June, the company suffered another issue affecting 14 million users, wherein users' posts that were meant to be private became public.
These incidents amounted to a failure of the company to keep the information of its 2.2 billion users protected while generating billions of dollars in revenue from the same information.
from The Hacker News https://ift.tt/2R6ettP