Facebook Bug Bounty Program: A Desperate Attempt To Win Back Users’ Trust?

Must Read

Aadhaar-PAN Card linking Deadline Extends!

: The deadline for linking Aadhaar with PAN has been extended by six months, from September 30, 2021 to...

Average Salary Hike In India: 8.6% In 2022, IT Sector Will Offer the Highest [REPORT]

The latest Deloitte’s Workforce and Increment Trends 2021 survey has addressed salary increment by industry, bonus or variable pay plans,...

Sony Zee Merger In India: Could Change the Dynamics of Indian Media Industry!

India's two biggest media networks Sony Pictures Networks India (SPNI) and Zee Entertainment Enterprises Ltd. (ZEEL) announced their merger,...

Companies and business are observed confiding to users perceptions before taking a decision on an important issue or planning on their next move. The end user of a product or service is most likely to know both the good and bad implications of it. But a few years back brands started hiring professionals in a bid to identify loopholes in the solution/apps that may prove fatal for companies as well as their customers or users. Despite all checks and balances, it’s always difficult to tag a solution/platform with ‘an absolute secure’. The always evolving need of a business keep offerings vulnerable to a certain extent.

Facebook Inc. (NASDAQ:FB) has been known to police itself since its inception, but in the wake of ongoing data breach scandal, the social media giant has decided to cut user some slack. Facebook launched a program yesterday that is called Data Abuse bounty. The purpose is pretty obvious; it will reward the users who report any data breach or misuse of data by app developers.

Facebook Bug Bounty Program Targets Malicious Apps

If someone has an evidence or first-hand knowledge about any app that is violating Facebook’s terms of services by collecting and transferring users’ data to another party to be sold, stolen, or used for political influence or scams, they can notify Facebook through this program. If the data abuse report is confirmed, Facebook will “shut down the offending app and take legal action against the company selling or buying the data, if necessary“. Facebook has not said anything about a maximum reward for a successful trip, but this program is inspired by the existing bug bounty program, and people who brought “high impact bud reports” to attention have been rewarded with up to $40,000. Facebook says it will review all the legitimate reports and respond the users about the credible threat to their data as quickly as possible. The payout will be based on the impact of each report and also the people Facebook believes to be affected will be alerted subsequently.


This move resonates with Facebook’s previous steps like disabling the search tool so that ‘malicious actors’ don’t misuse people’s data. Also recently, Facebook announced that it is coming up with an unsend feature in messenger after Zuckerberg’s messages were secretly retracted from users’ inboxes; one can’t be fairly certain how this will better the scenario, for both users and Facebook. Considering the recent backlash, the social network turning to its users and incentivizing them seems only logical at this point. Obviously, this won’t suffice the users whose data was compromised in Cambridge Analytica files; what price can one put on his personal data, right? But, this step is likely to obstruct any data abuse through suspicious apps in future.

Despite Facebook’s indiscretions and current ambivalence of users, the social network has managed to roll out reasonable changes in its privacy terms and data use policy. It has restricted apps for accessing information by limiting Facebook login data, besides making changes in policies regarding political ads. A new initiative has been announced to assess the role of Facebook in elections.

Companies making use of bounty programs is not new. Software security researchers are increasingly engaging with bounty programs to hunt down vulnerabilities. Bugcrowd and HackerOne, both launched in 2012, have become popular in the growing bug bounty market. They have a bug-hunting community of white hat hackers.

SecurityTrail, a Security and Intelligence firm, has a data bounty program for finding particularly interesting cases in their 30TB data set. Furthermore, the search engine giant Google paid a hefty $2.9 million in bug bounties in 2017. Some other reputed companies who announced bounty programs in 2018 are:

  • Intel – offering a maximum payout of $30,000 for detecting critical bugs in their hardware, software or firmware
  • Cisco – offering a bounty for some serious vulnerability;
  • Apple – launched its bug bounty program to breach Apple’s Secure Enclave Technology. The Cupertino giant had launched its first ever bug bounty program in September 2016, offered up to $200,000 for successfully finding vulnerabilities in its products.


Please enter your comment!
Please enter your name here

Latest News

The YouTube Partner Program: Build An Audience of Subscribers

Since it first launched in 2005, YouTube has grown to become the king of online streaming video by democratizing...

In-Depth: Dprime

Will ‘TikTok By Microsoft’ Be A Winner?

For the last two years, TikTok has been in the public eye for all sorts of reasons. First, it was the exploded and unparalleled...

Facebook Subscription Model: Looking Beyond Ad Dollars?

Seldom do job listings create a stir this gripping. However, when the job listing in question is a stealth post from Twitter, with a...

Will The Online Food Delivery Market in India End Up Becoming A Two-Horse Race?

It's pretty much evident that the food delivery space in India is all set to get riled up soon enough as one of the...

More Articles Like This