If you find a Facebook data vulnerability in third-party apps and sites, then you can earn up to $500… wait, this is not one of those cheeky ads to lure you in and then waste your time… I would never do that!!
Well, coming back: Facebook’s bug bounty program was launched a year ago, and now Facebook is expanding the program. Data detectives who can show that Facebook has some data vulnerable in a third-party app or site, as mentioned before, can claim a reward of $500. The people who get involved in this program will have to conduct an active penetration test with the permission of the third-party app.
Facebook said on… well… Facebook, announcing the expansion of the program, “Last year, we launched an industry-first bug bounty for third-party apps and websites to reward researchers who find vulnerabilities that involve improper exposure of Facebook user data. Although these bugs aren’t related to our code, we want researchers to have a clear channel to report these issues if they could lead to our users’ data potentially being misused.
Today, we are expanding the scope of this program to reward valid bug reports in third-party apps and websites that integrate with Facebook when they are found through active pen-testing authorized by the third-party rather than just by passively observing the vulnerability. To be eligible, we ask that researchers comply with the third-party’s vulnerability disclosure or bug bounty program before submitting their findings to Facebook. This change significantly increases the scope of the security research that our bug bounty community can share with us and get rewarded for when they find potential vulnerabilities in these external apps and websites.”
The permission policy might hinder the progress the program could otherwise achieve, because the permission requirement makes the third party aware of the flaw. Even if the third party gives its consent to conduct the test, they might fix that flaw before the tester can make Facebook aware of it. However, as long as the companies co-operate, the test may turn out to be a success, and with a massive incentive, people will be flocking to test the third-party apps and sites.