Facebook raises rewards for a security vulnerabilities to $40,000
For the global social networking giant Facebook, this time should be harrowing, due to security incidents and black public relations and the sale of user data were investigated.
Facebook’s security incident in September leaked up to 87 million user information, and Facebook is no longer able to take on new user data breaches.
To prevent recurrence of security issues, Facebook has just announced that the rewards for the Vulnerability Reward Program will continue to increase, with a single security breach of up to $40,000.
Encourage researchers to find system vulnerabilities in Facebook:
Now if researchers find security holes that require user interaction, such as clicking on individual links, they can get up to $25,000 in financial rewards.
If you find that you don’t need users to interact, you don’t need to do anything to leak data vulnerabilities; you can get up to $40,000 in financial rewards.
The security incident that leaks 87 million user data means that the user requires no interaction, and the attacker directly exploits the vulnerability to obtain an account access token.
But for the attacker, the data value of the 87 million users is far greater than the $40,000 reward, which is also a successful attack for hackers.
Vulnerability rewards include the Facebook central website system and social networking products from Facebook products such as Instagram, WhatsApp and Oculus.
Facebook: Money may not be the most important
Facebook’s update of the Vulnerability Rewards program said the company understood that higher financial incentives might not be the most critical factor in encouraging researchers to look for vulnerabilities.
But Facebook believes that raising financial incentives can provide a powerful incentive for white hat researchers to invest time in researching Facebook vulnerabilities and defending security issues.
Finally, Facebook expressed the hope that more white hat researchers will help find loopholes, and hope that these researchers can share proof-of-concept reports with the company.