Meta has just announced the extension of its bug bounty platform to include vulnerabilities that could be exploited for data mining or scraping.
On Wednesday, the social media giant, which just changed its name from Facebook to Meta, said the two new areas of investigation would revolve around scraping bugs and scraping databases containing user information.
Dan Gurfinkel, Meta’s Security Manager, notes that including valid scratch bugs and exposed databases in a bug bounty program is, to his knowledge, an “industry first.”
Cambridge Analytica and others
In recent years, Meta / Facebook has been involved in numerous incidents related to scraping data from its users. The best known is the Cambridge Analytica scandal, in which the data of 87 million users was extracted and shared without their consent.
More recently, information pertaining to approximately 553 million Facebook users was published. Then, Meta specified that the massive collection of this data took place in 2019.
“We know that automated activity designed to extract data from public and private users is directed at all websites or services,” explains Meta’s security manager. “We also know that this is a highly contradictory space where scrapers, be they malicious apps, websites or scripts, are constantly adapting their tactics to evade detection in response to threats, the defenses we build and improve. “
Bonds from $ 500
Therefore, Meta looks for vulnerabilities that allow circumventing the scraping limitation mechanisms, as well as those that allow scraping “on a scale greater than that foreseen by the product.” In particular, Meta invites researchers to look for logical solutions, although errors that limit speed are also well within its reach.
The databases involved in scraping are open and unprotected public data, discovered online, containing at least 100,000 unique user records, as well as sensitive information such as email addresses and phone numbers.
Meta plans financial rewards starting at $ 500 for vulnerabilities that facilitate scraping, and reports on deleted databases will be combined with donations to charities. Feedback from the “best” bug hunters in the business will be sought prior to expansion.
More than $ 14 million paid in 10 years
Dan Gurfinkel also described the progress the company has made on bug bounties. Since 2011, when the program was launched, more than 150,000 reports have been received, of which more than 7,800 have received a bonus. In total, Meta has donated more than $ 14 million.
In 2021, Meta paid researchers $ 2.3 million for 800 vulnerability reports, out of approximately 25,000.
Earlier this month, Meta also expanded its Facebook Protect program, a service designed to strengthen the security of user accounts that are considered to be at higher risk of being compromised by cyberattacks. By the end of the year, Facebook Protect is expected to be rolled out in more than 50 countries. Like Google and Microsoft, Meta offers this service to people, including lawyers, journalists, human rights activists, and politicians.
Source: .com
Woodmart Theme Nulled, WP Reset Pro, Newspaper 11.2, Newspaper – News & WooCommerce WordPress Theme, Premium Addons for Elementor, Rank Math Seo Pro Weadown, WeaPlay, WordPress Theme, Plugins, PHP Script, Jannah Nulled, Elementor Pro Weadown, Woocommerce Custom Product Ad, Business Consulting Nulled, Jnews 8.1.0 Nulled, Avada 7.4 Nulled, Nulledfire, Dokan Pro Nulled, Yoast Nulled, Flatsome Nulled, PW WooCommerce Gift Cards Pro Nulled, Astra Pro Nulled, Woodmart Theme Nulled, Slider Revolution Nulled, Wordfence Premium Nulled, Elementor Pro Weadown, Wpml Nulled, Consulting 6.1.4 Nulled, Fs Poster Plugin Nulled