Bug Bounty: Facebook To Reward Hackers For Fixing Data Scraping Bugs & Scraped Datasets
NEW DELHI: Meta Platforms, formerly known as Facebook, has announced that it is expanding its bug bounty programme to begin rewarding genuine reports of scraping vulnerabilities across its platforms, as well as reports of scraping data sets that are publicly available.
“We know that automated behaviour aimed at scraping people’s public and private data targets every website or service,” said Dan Gurfinkel, Meta’s security engineering manager.
“We also know that it is a highly hostile arena in which scrapers — whether malicious apps, websites, or scripts — constantly alter their strategies to avoid detection in reaction to the defences we build and improve,” he added.
To that end, the social media behemoth intends to financially reward valid reports of scraping bugs in its service, as well as reports that identify unprotected or openly public databases containing at least 100,000 unique Facebook user records with personally identifiable information (PII) such as email, phone number, physical address, or religious or political affiliation. The only stipulation is that the given data set be unique and previously unknown.
If the necessary circumstances are met, the company stated that it will take appropriate action, including legal action, to remove the data from the non-Meta website.
This could also entail contacting hosting providers such as Amazon, Box, and Dropbox to pull the data set offline, or collaborating with third-party app developers to remedy server misconfigurations.
Reports about scraped databases will be rewarded with matched donations to a charity of the researchers’ choice.
The move to limit unauthorised scraping, a technique for extracting data from websites, is part of the company’s efforts to limit abuse of people’s data on its platform in the aftermath of the infamous Cambridge Analytica data scandal, which resulted in the personal information of millions of Facebook users being harvested without their consent for political advertising.
That isn’t everything. Earlier in April, the phone numbers of 533 million Facebook users were freely posted on a cybercrime website, based on data scraped from the platform.
Meta filed a complaint on Friday in October 2021 against a Ukrainian national named Alexander Alexandrovich Solonchenko for allegedly scraping and selling the personal data of over 178 million Facebook users on an underground site.
Since the program’s beginning in 2011, the business has given out over $14 million in bounties, with $2.3 million awarded to academics from more than 46 nations this year alone. According to Meta, the majority of legitimate reports in the last ten years have come from India, the United States, and Nepal.