Meta expands bug bounty program to reward discoveries of scraped data

Meta is expanding its bug bounty program to reward researchers who report data scraping. The change will allow researchers to report both bugs that could enable scraping activity, as well as previously scraped data that has already been published online.

In a blog post, Meta says it believes it is the first to launch a bug bounty program to specifically target scraping activity. “We’re looking to find vulnerabilities that enable attackers to bypass scraping limitations to access data at greater scale than what we initially intended,” Security Engineering Manager Dan Gurfinkle told reports during a briefing.

Data scraping is different than other “malicious” activity Meta tracks as it uses automated tools to mass-collect personal information from users’ profiles, such as email addresses, phone numbers, profile photos and other details. Even though users often willingly share this information on their public Facebook profiles, scrapers can expose these details more widely, such as publishing the information in searchable databases.

It can also be difficult for Meta to combat this activity. For example, in April the personal information of more than 500 million Facebook users was published on a forum. In that case, the actual data scraping had occurred years prior, and the company had already addressed the underlying flaw. But there was little it could do once the data started circulating online. In some cases, the company has alsosued individuals for data scraping.

Under the new bug bounty program, researchers will be rewarded for finding “unprotected or openly public databases containing at least 100,000 unique Facebook user records with PII [personally identifiable information] or sensitive data (e.g. email, phone number, physical address, religious or political affiliation).” Instead of its usual payouts though, Meta says it will donate to a charity chosen by the researcher in order not to incentivize the publishing of scraped data.

For reports of bugs that can lead to data scraping, researchers can choose between a donation or a direct payout. Meta says each bug or dataset is eligible for at least a $500 award.

Editor’s note:This article originally appeared on Engadget.

Credit belongs to : www.techcrunch.com

You May Also Like

Rocketplace raises $9M in seed funding to build the ‘Fidelity for crypto’

Rocketplace, a startup that aims to build a “next-generation asset management platform for crypto,” has raised $9 million in a seed funding round. A few things about this raise stood out. For one, the funding comes at an interesting time in the crypto world — during the so-called “crypto winter” and a period that has […]

YouTube Shorts will start adding watermarks to discourage cross-platform sharing

YouTube Shorts, the platform’s TikTok competitor, is rolling out a watermarking feature. That means that when creators make a short on YouTube, they won’t be able to download their video and cross-post it to other apps without a YouTube watermark. A YouTube community manager posted about the update yesterday on a support thread that chronicles […]
error: Content is protected !!