There is an old English proverb about having your cake and eating it too. Reginaldo Silva, a 27-year-old Brazilian who discovered a bug in Facebook in November 2013, is richer by $33,500 and has landed a job at Facebook. Silva found a security loophole on Facebook’s servers and provided Facebook with a PoC, which was accepted by the Facebook security engineers. The discovery led to the largest “bug bounty” ever paid by Facebook, and a job for Silva as an engineer at Facebook.

Bounty Hunter Reginaldo Silva earns record $33,500 and lands a job with Facebook security team
The flaw that Silva uncovered allowed a hacker to enter Facebook servers and execute arbitrary code. The severity of the flaw can be gauged from the fact that it could have allowed a potential hacker to access Facebook accounts or even spread malicious code or a full-fledged computer virus to all Facebook users, though the Facebook spokesman said any manipulation of its servers would have been quickly identified and stopped by the company.

A Facebook panel studying the security loophole submitted by Silva initially awarded $26,500.00. Silva felt this amount was too low considering the seriousness of the bug and asked Facebook to reconsider the bounty amount. Facebook security engineers apparently agreed with Silva and increased the amount to $33,500.00. Facebook employs thousands of engineers to look into security, but every once in a while a bug escapes their scrutiny. This is where ‘White Hat’ hackers like Silva come into play and stake a claim to their just rewards. In this case, Facebook has offered him a job as an engineer on Facebook’s product security team, and he has accepted it.

  
“They’ve found things we wouldn’t have found,” says Alex Rice, head of product security at Facebook. “The bounty program has by far been the best tool we have for identifying bugs that make it out into the wild.”


As per the Facebook terms and conditions, Silva submitted the proof of concept for the security loophole to Facebook. Once Facebook had fixed the flaw, Silva described the problem on his blog.

White hat hackers, security researchers and other engineers are always on the lookout for a bug, flaw or vulnerability in Facebook, since it is one of the largest social networking websites in the world. Last year alone, Facebook received 14,736 submissions from bounty hunters around the world. This is double the number of submissions the previous year. Facebook paid cash rewards for roughly a third of the submissions. A panel of eight to 15 Facebook engineers votes on the reward amount that should be paid for each bug. Facebook paid a total of $1.5 million to 330 people in 2013 for discovering bugs.
