Meta Platforms, formerly known as Facebook, has announced that it’s scaling up its bug bounty program. The bug bounty program will start rewarding genuine reports of scraping vulnerabilities relating to its several platforms.
“We know that automated activity designed to scrape people’s public and private data targets every website or service,” said Dan Gurfinkel, security engineering manager at Meta. “We also know that it is a highly adversarial space where scrapers — be it malicious apps, websites or scripts — constantly adapt their tactics to evade detection in response to the defenses we build and improve.”
To that end, the social media giant aims to monetarily compensate for valid reports of scraping bugs in its service and identify unprotected or openly public databases containing no less than 100,000 unique Facebook user records with personally identifiable information (PII) such as email, phone number, physical address, religious, or political affiliation. The only caveat is that the reported data set must be unique and not previously known.
“Our goal is to quickly identify and counter scenarios that might make scraping less costly for malicious actors to execute,” Gurfinkel noted, adding “we want to particularly encourage research into logic bypass issues that can allow access to information via unintended mechanisms, even if proper rate limits exist.”
The company’s concern to thwart unauthorized scraping comes after it was rocked by the infamous Cambridge Analytica data scandal. Scraping is a technique in which data is extracted from websites. Cambridge Analytica brought to light the illegal data harvesting of millions of Facebook users.
The company reported that it has paid over $14 million in bounties since the inception of the program in 2011, with $2.3 million awarded to researchers from more than 46 countries this year. Valid reports have predominantly come from India, the U.S., and Nepal over the last 10 years, Meta stated.