Facebook will pay ethical hackers up to $40,000 for disclosing a single account takeover vulnerability

The announcement was made on Facebook's own bug bounty page. There, the social network calls on white hats to attack the platform in every possible way in order to uncover previously unknown vulnerabilities and thus forestall their shady colleagues. Facebook's bug bounty program is already 7 years old, but so far it has not been able to prevent numerous data breaches and attacks on the network. To counter these business-damaging incidents, the company now plans to give ethical hackers more attractive incentives to find holes in its platform. Here is a translated excerpt from the official announcement (English):

To encourage security researchers to disclose issues with far-reaching consequences, starting today we are increasing the average reward for account takeover vulnerabilities. We would like to ensure that such security gaps, similar to the one disclosed in September, are brought to our attention as responsibly and promptly as possible.

In this context, we reward security researchers who find security vulnerabilities that enable complete takeover of user accounts, for example through the theft of access tokens or the ability to access valid user sessions, with an average reward of:

* $40,000 if no user interaction is required, or

* $25,000 if a minimum level of user interaction is required.

The program also extends to other services from the Internet giant such as Instagram, WhatsApp and Oculus. Hackers are not obliged to provide a complete exploit chain if the process requires bypassing the Linkshim system described here (English). Facebook wants to ensure that hackers can present their proof of concept without having to bypass additional security layers.

“By increasing the account takeover bounty and reducing the technical effort required to be eligible for the bounty, we aim to further increase the number of high-quality submissions from existing and new white hat researchers and thus to protect our more than 2 billion users,” Facebook continued.
