The Facebook Bug Bounty Program now pays a handsome amount of money for finding loopholes. The program pays a minimum of $500 to those who reveal sites and apps that leak a “User Token”. However, Facebook says it will not pay any bounty for an extremely low-risk issue. A User Token is a unique ticket by which Facebook identifies you on the platform.
This decision by Facebook doesn’t affect all apps and websites. Facebook is trying to hit those rats who quietly crawl its platform and leak users’ personal info via the User Token. Don’t take your User Token lightly: it is so powerful that it can leak all the information you have shared on Facebook so far. Websites that integrate the Log in with Facebook option also fall under this surveillance.
If you identify an app or website that leaks User Tokens, you can report it to Facebook by filling out the Report Vulnerability Form. If the officials find your tip to be right, they will definitely give you the bounty amount.
Now, let’s talk about some important details of this bounty program.
- If two people report the same issue, the bounty amount is given to the person who reported it first.
- One can donate the bounty amount to a charity if they want. In that case, Facebook officials say they will double that amount.
- Facebook even publishes the list of researchers who contributed to this program via this link.
To learn more about the rules and procedure of this program, you can visit the official link.