Facebook has launched a new bug bounty program offering tens of thousands of dollars to developers who can uncover vulnerabilities that would allow threat actors to hijack user accounts. But at the same time, they are appealing against penalties levied against them in the UK over the Cambridge Analytica scandal.
The bug bounty program for security researchers offers $40,000 if no user interaction is required to exploit the vulnerability or $25,000 if minimal user interaction is required. Those are quite hefty payments, but they are quite small compared to what a researcher might fetch on the dark web for such a significant vulnerability.
The program applies to Facebook, Instagram, WhatsApp and Oculus.
Interestingly, Facebook isn’t asking for the full exploit chain in these cases so researchers won’t have to reveal how they bypassed Facebook’s defences.
At the same time, Facebook is appealing a £500,000 fine over the Cambridge Analytica scandal, saying the fine issued by the UK’s Information Commissioner’s Office wasn’t reasonable as that regulator didn’t present evidence that any specific UK citizen had their data improperly shared.
Part of its defence against the fine is that the penalty could set a precedent that impacts how all people share data online. For example, they say it could prevent people from forwarding a message without the original sender’s explicit consent.
And while that’s not illegal, it is a little rude – just ask Claire Swire.