The complete list of Facebook’s bug hunters is disclosed at http://www.facebook.com/whitehat/, however not all of them have received the bounty. According to Bloomberg Businessweek in an article dated January 2012, Tal Be’ery reported a bug for free back in 2010, when Facebook had not implement the monetary reward system.
While white hat hackers used to be happy with the mere mention on Facebook, they are now heavily motivated by the Visa-branded debit cards that have a guaranteed minimum of $500 and can fetch up to $5,000, depending on the severity of the reported bug.
As of January 31, 2012, the highest reward collected by a single hacker with this program is $24,000. While $190,000 may seem like a lot of money, keep in mind that Google has already shelled out $700,000 in a similar program and that black hat hackers can fetch up to $1 million in black markets.
The bounty goes for reports of bugs that could compromise the integrity of Facebook user data, or circumvent the privacy protections of Facebook user data, such as:
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF/XSRF)
- Remote Code Injection
- Broken Authentication (including Facebook OAuth bugs)
- Circumvention of our Platform permission model
- A bug that allows the viewing of private user data
Got some hacking skills? Try Facebook’s bounty program at http://www.facebook.com/whitehat/bounty/.
Find out how HR professionals analyze your Facebook profile in an article from Damian Davila. You can read more articles from Damian at SexySocialMedia here. Follow Damian on Twitter at @idaconcpts.
Posted in Social Media News. Tags: bug bounty visa card, facebook bug bounty, facebook white hat, white hat bug bounty
Feel free to leave a reply using the form below!