"Facebook Will Reward Researchers for Reporting Scraping Bugs"

Facebook today announced that it is expanding its bug bounty and data bounty programs to reward security researchers for reporting scraping vulnerabilities and scraped databases. As part of its bug bounty program, the company will pay monetary rewards to security researchers who discover flaws that allow attackers to bypass existing scraping limitations and gain access to data at scale. Facebook says it is seeking ways to make scraping more costly for attackers and is now starting a private bounty track with Gold+ HackerPlus researchers to reward reports on scraping methods. Under the data bounty program, Facebook says it is looking to reward researchers who identify and report “unprotected or openly public databases containing at least 100,000 unique Facebook user records with PII or sensitive data,” such as email and physical addresses, phone numbers, and affiliation. The reported databases should be unique and previously unknown, and Facebook says it will work with relevant parties to remove the datasets, including contacting law enforcement where necessary, contacting web services providers, or working with developers to address potential vulnerabilities. Facebook promises monetary rewards for valid reports on scraping issues and says it will match valid reports of scraped datasets with charity donations. The minimum bounty payout will be $500. So far in 2021, the social media platform has paid over $2.3 million in bug bounty rewards for more than 800 valid reports (out of 25,000 received) from researchers in more than 46 countries.

 

SecurityWeek reports: "Facebook Will Reward Researchers for Reporting Scraping Bugs"
