Facebook to expand rewards for hackers

Facebook is to expand its reward scheme for hackers who uncover vulnerabilities in its products to include network vulnerabilities.

Details of the expanded scheme are to be announced this week at the DefCon Hacking Conference in Las Vegas, according to Bloomberg News.

The move comes after its security team received a tip about a vulnerability in its network in May, which was fixed quickly because it would have enabled eavesdropping if exploited.  

Facebook's chief security officer Joe Sullivan said the decision to expand grew out of the success of the bounty programme for products.

While most companies shun what they consider a risky practice, Facebook is among a small group of large firms, which includes Google, Mozilla and Microsoft, that believes so-called "bug bounties" are a way of making computer systems more secure.

Facebook has a big incentive to find ways to protect the personal data of more than 900 million users, because a large breach could be fatal to the social networking firm.

Under its current reward scheme for product vulnerabilities, Facebook has paid from $500 to $10,000 for bug reports, and to date has paid out a total of $400,000 in rewards.

Facebook has indicated that there is no limit to what it will pay to catch weaknesses in internal networks. Ryan McGeehan, who manages Facebook’s security-incident response unit, is quoted as saying: “If there’s a million-dollar bug, we will pay it out.” 

Security researchers said corporate networks are attacked constantly, so it is a wise move by Facebook to engage outsiders who are willing to report bugs instead of selling them to criminals.


