Facebook Increases Average Bounty rewards for High Impact Vulnerabilities

Facebook increases the average payout for security researchers to encourage them to find high impact Vulnerabilities. The researchers who find account takeover vulnerabilities that lead to full account takeover without user consent will be rewarded up to $40,000.

The change in payout for bounties applicable to other products owned by Facebook including Instagram, WhatsApp, and Oculus.

High Impact Vulnerabilities

For researchers who detect a complete account takeover, including access tokens leakage or the ability to access users’ valid sessions are rewarded with the bounty of $40,000 for vulnerabilities without user interaction and $25,000 for the one with minimum user interaction.

Last September Facebook revealed a security breach that exposes 50 million accounts access tokens, hackers steal the access tokens by exploiting a bug in View As a feature.

Our goal is to ensure that these vulnerabilities such as the one disclosed in September are reported to us in the most responsible and timely manner.

The account takeover vulnerability allows an attacker to take complete control over the user account and access victims’ personal and group conversations, photos, videos, and other shared files, contact lists, and more.

The social media giant recently introduced Rewards for Rewards for Access Token Exposure, under this researchers will be rewarded for finding vulnerabilities in third-party apps and websites that exposes Facebook user access tokens.

“While monetary reward may not be the strongest incentive for why bug bounty researchers hack, we believe it remains a strong motivator for our white hat researchers to invest time in helping us identify and mitigate vulnerabilities reads facebook post.”

Bug Bounty program employs crowdsource security researchers will diverse skill set covering a wide of vulnerability scenarios and advanced threats. There are many apprehensions and misconceptions among large organizations about bug bounty programs regarding trust, talent base, managing security researchers, and more.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Bug Bounty courses online to keep your self-updated

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

Blue Yonder Ransomware Attack Impacts Starbucks & Multiple Supermarkets

A ransomware attack on Blue Yonder, a leading supply chain management software provider, has created…

46 minutes ago

Dell Wyse Management Suite Vulnerabilities Let Attackers Exploit Affected Systems Remotely

Dell Technologies has released a security update for its Wyse Management Suite (WMS) to address…

1 hour ago

CISA Details Red Team Assessment Including TTPs & Network Defense

The Cybersecurity and Infrastructure Security Agency (CISA) recently detailed findings from a Red Team Assessment…

1 hour ago

IBM Workload Scheduler Vulnerability Stores User Credentials in Plain Text

IBM has issued a security bulletin warning customers about a vulnerability in its Workload Scheduler…

2 hours ago

Multiple Flaws With Android & Google Pixel Devices Let Attackers Elevate Privileges

Several high-severity vulnerabilities have been identified in Android and Google Pixel devices, exposing millions of…

2 hours ago

Threat Actors Exploit Google Docs And Weebly Services For Malware Attacks

Phishing attackers used Google Docs to deliver malicious links, bypassing security measures and redirecting victims…

18 hours ago