Meta expands bug bounty program to reward discoveries of scraped data

Meta is expanding its bug bounty program to reward researchers who report data scraping. The change will allow researchers to report both bugs that could enable scraping activity and previously scraped data that has already been published online.

In a blog post, Meta says it believes it is the first to launch a bug bounty program to specifically target scraping activity. “We’re looking to find vulnerabilities that enable attackers to bypass scraping limitations to access data at greater scale than what we initially intended,” Security Engineering Manager Dan Gurfinkle told reporters during a briefing.

Data scraping is different than other “malicious” activity Meta tracks as it uses automated tools to mass-collect personal information from users’ profiles, such as email addresses, phone numbers, profile photos and other details. Even though users often willingly share this information on their public Facebook profiles, scrapers can expose these details more widely, such as publishing the information in searchable databases.

It can also be difficult for Meta to combat this activity. For example, in April the personal information of more than 500 million Facebook users was published on a forum. In that case, the actual data scraping had occurred years prior, and the company had already addressed the underlying flaw. But there was little it could do once the data started circulating online. In some cases, the company has also sued individuals for data scraping.

Under the new bug bounty program, researchers will be rewarded for finding “unprotected or openly public databases containing at least 100,000 unique Facebook user records with PII [personally identifiable information] or sensitive data (e.g. email, phone number, physical address, religious or political affiliation).” Instead of its usual payouts though, Meta says it will donate to a charity chosen by the researcher in order not to incentivize the publishing of scraped data.

For reports of bugs that can lead to data scraping, researchers can choose between a donation or a direct payout. Meta says each bug or dataset is eligible for at least a $500 award.

Editor’s note: This article originally appeared on Engadget.

Credit belongs to: www.techcrunch.com
