Facebook is offering $40,000 bounty for reporting data abuse

Facebook launches โ€˜bug bountyโ€™ program offering up to $40,000ย for reporting misuse of data

In the wake of the Cambridge Analytica row that has left the popular social media giant, Facebook red-faced, the company has stepped up its efforts to tighten data protection and show that its values the privacy of data. Facebook on Tuesday announced a bounty program that would reward people for reporting data abuse by app developers on its platforms so that it can avoid Cambridge Analytica like the situation in the future.

The โ€œData Abuse Bountyโ€ program, which is the first of its kind in the industry, has payouts starting at $500 and going up to $40,000 for big discoveries, although the company noted that there’s no maximum amount for the payouts.

โ€œWe committed to launching this program aย few weeks agoย as part of our efforts to more quickly uncover potential abuse of peopleโ€™s information. The Data Abuse Bounty, inspired by theย existing bug bounty programย that we use to uncover and address security issues, will help us identify violations of ourย policies,โ€ Collin Greene, Head of Product Security, wrote in a blog post, late on Tuesday.

โ€œThis program will reward people with first-hand knowledge and proof of cases where a Facebook platform app collects and transfers peopleโ€™s data to another party to be sold, stolen or used for scams or political influence. Just like the bug bounty program, we will reward based on the impact of each report. While there is no maximum, high impact bug reports have garnered as much as $40,000 for people who bring them to our attention.โ€

Greene further added, โ€œWeโ€™ll review all legitimate reports and respond as quickly as possible when we identify a credible threat to peopleโ€™s information. If we confirm data abuse, we will shut down the offending app and take legal action against the company selling or buying the data, if necessary. Weโ€™ll pay the person who reported the issue, and weโ€™ll also alert those we believe to be affected.โ€

The โ€œData Abuse Bountyโ€ is motivated by the current bug bounty program that the company uses to discover and address security flaws. This would help Facebook detect violations of its policies.ย Facebook pays out over $1 million on average a year in bug bounties, executives said.

โ€œIt will help us find the cases of data abuse not tied to a security vulnerability. … This will cover both hemispheres, and help surface more cases like Cambridge Analytica so we can know about it first and take action,โ€ Facebookโ€™s chief security officer, Alex Stamos told CNBC.

Currently, the companyโ€™s โ€œbug bounty teamโ€ has about 10 employees, but plans to hire more people and involve other teams in order to investigate validated claims.

To be eligible, the case must involve at least 10,000 Facebook users. The bounty hunter should show how data was abused and not just collected. Further, it should be a case that Facebook is not already aware of or is actively investigating. Scenarios such as data scraping, malware or mass-scale tricking of usersย to install apps, social engineering projects and non-Facebook cases (ex: Instagram) are not eligible.

โ€œA door is always open if a whistleblower wants to say there’s something sketchy here,โ€ Greene told CNBC.

Kavita Iyer
Kavita Iyerhttps://www.techworm.net
An individual, optimist, homemaker, foodie, a die hard cricket fan and most importantly one who believes in Being Human!!!

Read More

Suggested Post