Meta Expands Bug Bounty to Include Scraped Data Discoveries

December 15, 2021

Meta Broadens Bug Bounty Program to Include Data Scraping

Meta is expanding its existing bug bounty program. The update rewards security researchers for reporting instances of data scraping.

The revised program allows for the reporting of vulnerabilities that could facilitate scraping, as well as previously scraped data that has already been made public.

First of its Kind Program

According to a recent blog post, Meta asserts it is the first organization to introduce a bug bounty program specifically focused on addressing scraping activities.

“Our objective is to identify vulnerabilities that allow malicious actors to circumvent scraping restrictions and access data on a larger scale than originally intended,” explained Dan Gurfinkel, Security Engineering Manager, during a press briefing.

Understanding Data Scraping

Data scraping differs from other forms of malicious activity tracked by Meta. It involves the use of automated tools to gather personal information from user profiles in large quantities.

This information can include details like email addresses, phone numbers, profile pictures, and other personal data. While users may publicly share this information, scraping can lead to wider exposure, such as publication in searchable databases.

Challenges in Combating Scraping

Effectively countering data scraping presents significant challenges for Meta.

For instance, in April, the personal information of over 500 million Facebook users was exposed on an online forum. The initial scraping of this data occurred years earlier, and the underlying vulnerability had already been resolved by the company.

However, once the data began circulating, limited recourse remained. Meta has, in certain instances, pursued legal action against individuals involved in data scraping.

Bug Bounty Program Details

The new bug bounty program will reward researchers for identifying “unprotected or openly public databases containing at least 100,000 unique Facebook user records with PII [personally identifiable information] or sensitive data (e.g. email, phone number, physical address, religious or political affiliation).”

To avoid incentivizing the publication of scraped data, Meta will donate to a charity selected by the researcher instead of providing a traditional monetary payout.

Reporting Options and Rewards

For reports concerning vulnerabilities that could enable data scraping, researchers have the option of receiving either a donation or a direct payout.

Meta confirms that each qualifying bug or dataset will be eligible for a minimum reward of $500.

Editor’s note: This article was originally published on Engadget.
