In the wake of the Cambridge Analytica scandal, Facebook is taking steps to ensure another disastrous data breach does not occur. As part of its efforts, the company has announced a Data Abuse Bounty Program that will reward people who find cases of data abuse on its platforms. The company will give people who identify qualifying incidents a reward between $500 and $40,000.
To qualify, the breach must be widespread, involve more than 10,000 Facebook users, be a clear and definitive example of abuse of data, and be a case that the company is not already aware of or actively investigating.
Bounty amounts will be determined based on a number of factors, including impact, data exposure and number of affected users. Cases involving companies that scrape data or use malware to get people to install apps, as well as non-Facebook cases, are not eligible.
“It will help us find the cases of data abuse not tied to security vulnerability,” Facebook’s chief security officer, Alex Stamos, told CNBC. “… This will cover both hemispheres, and help surface more cases like Cambridge Analytica so we can know about it first and take action.”
Facebook CEO Mark Zuckerberg discussed the program during his testimony before Congress on April 10, saying, “In general, bounty programs are an important part of the security arsenal for hardening a lot of systems.”
All legitimate reports will be reviewed and responded to as quickly as possible. If the abuse is confirmed, the company will shut down the offending app and will take legal action if necessary. The company also plans to alert those it believes were affected by the breach.
In 2017, Facebook paid $40,000 to a researcher who found a major flaw in the image-processing app ImageMagick that made Facebook’s servers vulnerable to hackers. That represents the largest bug bounty Facebook has paid to date.
For more information, visit Facebook’s Data Abuse Bounty Program FAQ page.