Facebook launches “bug bounty” program offering up to $40,000 for reporting misuse of data
In the wake of the Cambridge Analytica row that has left the popular social media giant Facebook red-faced, the company has stepped up its efforts to tighten data protection and show that it values the privacy of data. Facebook on Tuesday announced a bounty program that would reward people for reporting data abuse by app developers on its platforms so that it can avoid a Cambridge Analytica-like situation in the future.
The “Data Abuse Bounty” program, which is the first of its kind in the industry, has payouts starting at $500 and going up to $40,000 for big discoveries, although the company noted that there’s no maximum amount for the payouts.
“We committed to launching this program a few weeks ago as part of our efforts to more quickly uncover potential abuse of people’s information. The Data Abuse Bounty, inspired by the existing bug bounty program that we use to uncover and address security issues, will help us identify violations of our policies,” Collin Greene, Head of Product Security, wrote in a blog post, late on Tuesday.
“This program will reward people with first-hand knowledge and proof of cases where a Facebook platform app collects and transfers people’s data to another party to be sold, stolen or used for scams or political influence. Just like the bug bounty program, we will reward based on the impact of each report. While there is no maximum, high impact bug reports have garnered as much as $40,000 for people who bring them to our attention.”
Greene further added, “We’ll review all legitimate reports and respond as quickly as possible when we identify a credible threat to people’s information. If we confirm data abuse, we will shut down the offending app and take legal action against the company selling or buying the data, if necessary. We’ll pay the person who reported the issue, and we’ll also alert those we believe to be affected.”
The “Data Abuse Bounty” is motivated by the current bug bounty program that the company uses to discover and address security flaws. This would help Facebook detect violations of its policies. Facebook pays out over $1 million on average a year in bug bounties, executives said.
“It will help us find the cases of data abuse not tied to a security vulnerability. … This will cover both hemispheres, and help surface more cases like Cambridge Analytica so we can know about it first and take action,” Facebook’s chief security officer, Alex Stamos, told CNBC.
Currently, the company’s “bug bounty team” has about 10 employees, but the company plans to hire more people and involve other teams in order to investigate validated claims.
To be eligible, the case must involve at least 10,000 Facebook users. The bounty hunter should show how data was abused and not just collected. Further, it should be a case that Facebook is not already aware of or actively investigating. Scenarios such as data scraping, malware or mass-scale tricking of users to install apps, social engineering projects and non-Facebook cases (e.g., Instagram) are not eligible.
“A door is always open if a whistleblower wants to say there’s something sketchy here,” Greene told CNBC.