Meta, formerly known as Facebook, has announced a rewards program for users that can grant any user rewards starting from $500. Facebook stated in comments reported by the tech site Engadget that it has decided to expand its bug bounty program, allowing any user to earn rewards starting from $500 if they discover stolen data from the company.
The data that users will be rewarded for includes currently stolen data or previously stolen data that the company's management has not yet discovered. Dan Gurfinkel, Meta's Director of Security Engineering, said that finding vulnerabilities that allow attackers to bypass restrictions to access data is a primary goal for us, which is why we have expanded the rewards program this year.
The rewards for stolen data will differ from other rewards related to security and technical vulnerabilities, as these rewards will depend solely on finding that data, and individuals will receive a reward each time they discover stolen data. The rewards will focus on the methods used by certain applications that utilize automated tools to aggregate users' personal information collectively, such as email addresses, phone numbers, profile pictures, and other details, which can later be exploited on a broader scale, such as publishing them on searchable databases.
It is worth noting that Facebook is facing issues controlling the leakage of its users' data, as in April, the personal information of over 500 million Facebook users was published on a forum. Any user who finds an unsecured public database containing at least 100,000 Facebook user accounts will receive a reward, provided it includes their personal or sensitive information, such as email, phone number, physical address, religion, or political affiliation.
