Sunday, May 4, 2025

Meta’s Bug Bounty Initiative Pays $2.3 Million to Security Researchers in 2024


Meta’s commitment to cybersecurity took center stage in 2024 as the tech giant awarded over $2.3 million in payouts to global security researchers participating in its bug bounty program.

Since its inception in 2011, the initiative has grown into a pillar of Meta’s defense strategy, with total payouts now exceeding $20 million.

This annual highlight reflects Meta’s ongoing collaboration with the security research community to enhance the safety and reliability of cutting-edge technologies like Generative AI (GenAI), augmented and virtual reality (AR/VR), and advertising tools.


The company celebrated these contributions at its annual Bug Bounty Summit and other high-profile security events throughout the year.

In 2024, Meta expanded its bug bounty program, bringing in nearly 10,000 reports from security researchers worldwide.

The company awarded bounties on around 600 valid submissions, sharing payouts with nearly 200 researchers from over 45 countries.

Notably, India, Nepal, and the United States emerged as the top three countries in terms of total bounties earned.

GenAI-Focused Research

Meta doubled down on engaging bug bounty researchers in its generative AI initiatives.

Building on its 2023 launch of generative AI features, the company encouraged submissions of security reports related to its large language models (LLMs).

Researchers were invited to assess privacy or security vulnerabilities, such as training data extraction through model inversion or other sophisticated tactics.

Meta credits its research community with providing impactful reports that bolster the integrity of its GenAI tools.

Strengthening Ads Tools and Hardware Security

Meta also targeted its ads audience tools and mixed reality hardware for security improvements.

It introduced specific payout guidelines for vulnerabilities in its advertising tools, offering maximum base payouts of $30,000 for critical issues involving personally identifiable information (PII).

On the hardware front, researchers identified potential issues in Quest devices and other AR/VR technologies.

Meta also showcased its cutting-edge hardware products at conferences like hardwear.io USA, enabling researchers to uncover and address vulnerabilities.

Meta continues to foster collaboration with its global bug bounty community.

In 2024, it hosted the Meta Bug Bounty Researcher Conference (MBBRC) in Johannesburg, South Africa, welcoming 60 top researchers.

The event saw over $320,000 in awards for notable contributions. Looking ahead, the 2025 MBBRC will take place in Tokyo, Japan, signaling Meta’s commitment to expanding its research engagement globally.

The program also celebrated long-time contributors like Philippe Harewood, who reached a 10-year milestone with over 500 valid reports.

His notable accomplishments include research on Instagram access token leaks and Ray-Ban Stories vulnerabilities.

As Meta continues its journey into 2025 and beyond, it remains dedicated to empowering researchers, providing resources for innovative security exploration, and maintaining its platforms’ safety for a global audience.


Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.
