Facebook Will Pay You $500 If You Do This One Thing

Joel Lee 07-10-2015

Back in 2011, Facebook started giving out money rewards to people who found security holes in the Facebook website. One person found a big bug and earned $5,000 for reporting it. Another earned over $7,000 for reporting six separate but smaller bugs.


So the next time you spot a security vulnerability, don’t delay! Report it right away and you may be in for some sweet cash. The minimum payout for a legitimate report is $500, but as shown above, Facebook will pay more for bugs that are more serious. There is no stated maximum payout.

But there are a few caveats:

As long as you adhere to the above, Facebook will not bring forth any lawsuits or investigations against you. This offer also exists for products owned by Facebook, like Instagram and Oculus.


The Facebook Bug Bounty feed shows real bounties paid out for real issues. For more details on how to participate, visit the Facebook White Hat page. Note: Why is it called White Hat? 5 Of The World’s Most Famous And Most Influential White Hat Hackers In this article, I’m going to jump back to the original definition and explore the world of “good hackers,” otherwise known as “white hat hackers.”Let’s take a look at five of the most influential computer... Read More


Did you know Facebook did this? Have you ever found a bug in Facebook’s website? How secure do you think Facebook is? Let us know in comments!

Image Credit: Facebook and Coffee by Twin Design via Shutterstock

Related topics: Facebook, Online Security.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Anonymous
    October 7, 2015 at 11:19 am

    "Your bounty is forfeited if you go public with the bug"

    > "Have you ever found a bug in Facebook’s website? [...]"
    >> "Let us know in comments!"


    • Joel Lee
      October 7, 2015 at 12:41 pm

      Good catch! I meant to say that you can't go public with it before Facebook acknowledges the bug report. Once you've given Facebook "reasonable time" to react to the bug, going public is fair game. It's explained in greater details on the actual page of eligibility criteria. Thanks Illutian!