Meta expands its bug bounty program to include data scraping

Financial rewards starting at $500 are on offer for scraping bugs and scraped database reports.

Meta (formerly Facebook) has announced that it is expanding its bug bounty programme to start rewarding valid reports of scraping vulnerabilities across its platforms.

Under the programme, researchers will be rewarded for finding “unprotected or openly public databases containing at least 100,000 unique Meta user records with PII (personally identifiable information) or sensitive data.” The main goal of the programme is to find bugs that attackers are using to bypass scraping limitations and access data at a greater scale than Meta's products are intended to allow.

In a blog post, Meta says it believes it is the first to launch a bug bounty program to specifically target scraping activity. “We’re looking to find vulnerabilities that enable attackers to bypass scraping limitations to access data at greater scale than what we initially intended,” Security Engineering Manager Dan Gurfinkel told reporters during a briefing.

Financial rewards starting at $500 are on offer for scraping bugs, and scraped database reports will be matched with charity donations. The company said it will also contact hosting providers such as Amazon Web Services, Box, and Dropbox as appropriate to have the scraped information removed from their platforms.

Earlier this month, Meta increased the scope of Facebook Protect, a service designed to enhance the security of user accounts considered to be at higher risk.

Since the launch of its bug bounty program in 2011, Meta has paid more than $14 million in bug bounties and received more than 150,000 reports, of which more than 7,800 were awarded a bounty.

So far this year, the company has awarded more than $2.3 million to researchers from 46 countries.

With inputs from IANS.
