Saturday, October 12, 2024
HomeBug BountyFacebook Increases Average Bounty rewards for High Impact Vulnerabilities

Facebook Increases Average Bounty rewards for High Impact Vulnerabilities

Published on

Malware protection

Facebook increases the average payout for security researchers to encourage them to find high impact Vulnerabilities. The researchers who find account takeover vulnerabilities that lead to full account takeover without user consent will be rewarded up to $40,000.

The change in payout for bounties applicable to other products owned by Facebook including Instagram, WhatsApp, and Oculus.

High Impact Vulnerabilities

For researchers who detect a complete account takeover, including access tokens leakage or the ability to access users’ valid sessions are rewarded with the bounty of $40,000 for vulnerabilities without user interaction and $25,000 for the one with minimum user interaction.

- Advertisement - SIEM as a Service

Last September Facebook revealed a security breach that exposes 50 million accounts access tokens, hackers steal the access tokens by exploiting a bug in View As a feature.

Our goal is to ensure that these vulnerabilities such as the one disclosed in September are reported to us in the most responsible and timely manner.

The account takeover vulnerability allows an attacker to take complete control over the user account and access victims’ personal and group conversations, photos, videos, and other shared files, contact lists, and more.

The social media giant recently introduced Rewards for Rewards for Access Token Exposure, under this researchers will be rewarded for finding vulnerabilities in third-party apps and websites that exposes Facebook user access tokens.

“While monetary reward may not be the strongest incentive for why bug bounty researchers hack, we believe it remains a strong motivator for our white hat researchers to invest time in helping us identify and mitigate vulnerabilities reads facebook post.”

Bug Bounty program employs crowdsource security researchers will diverse skill set covering a wide of vulnerability scenarios and advanced threats. There are many apprehensions and misconceptions among large organizations about bug bounty programs regarding trust, talent base, managing security researchers, and more.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates also you can take the Bug Bounty courses online to keep your self-updated

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Threat Actor ProKYC Selling Tools To Bypass Two-Factor Authentication

Threat actors are leveraging a newly discovered deepfake tool, ProKYC, to bypass two-factor authentication...

Mozilla Warns Of Firefox Zero-Day Actively Exploited In Cyber Attacks

A critical use-after-free vulnerability affecting Firefox and Firefox Extended Support Release (ESR) is being...

SpyCloud Embeds Identity Analytics in Cybercrime Investigations Solution to Accelerate Insider and Supply Chain Risk Analysis & Threat Actor Attribution

IDLink, SpyCloud’s new automated digital identity correlation capability, is now core to its industry-leading...

Abusix and Red Sift Form New Partnership, Leveraging Automation to Mitigate Cyber Attacks

The agreement has marked over 600,000 fraudulent domains for takedown in just two months...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Threat Actor ProKYC Selling Tools To Bypass Two-Factor Authentication

Threat actors are leveraging a newly discovered deepfake tool, ProKYC, to bypass two-factor authentication...

Hackers Exploiting Zero-day Flaw in Qualcomm Chips to Attack Android Users

Hackers exploit a zero-day vulnerability found in Qualcomm chipsets, potentially affecting millions worldwide.The flaw,...

Foxit PDF Reader Vulnerability Let Attackers Execute Arbitary Code

Researchers recently disclosed six new security vulnerabilities across various software, as one critical vulnerability...