Back in 2011, Facebook started paying cash rewards to people who found security holes in the Facebook website. One person found a big bug and earned $5,000 for reporting it. Another earned over $7,000 for reporting six separate but smaller bugs.
So the next time you spot a security vulnerability, don't delay! Report it right away and you may be in for some sweet cash. The minimum payout for a legitimate report is $500, but as shown above, Facebook will pay more for bugs that are more serious. There is no stated maximum payout.
But there are a few caveats:
- Only one bounty is paid out per bug.
- Bounties are only paid out to individuals.
- When reporting, you must be able to provide steps that reliably reproduce the bug. Clear instructions are paramount.
- Your bounty is forfeited if you go public with the bug, violate another user's privacy, destroy another user's data, or interrupt Facebook's service.
As long as you adhere to the above, Facebook will not pursue any lawsuits or investigations against you. The program also covers products owned by Facebook, like Instagram and Oculus.
The Facebook Bug Bounty feed shows real bounties paid out for real issues. For more details on how to participate, visit the Facebook White Hat page.