Sunday, June 15, 2025

Security Boulevard Logo

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Creators Network
    • Latest Posts
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming Webinars
    • Calendar View
    • On-Demand Webinars
  • Events
    • Upcoming Events
    • On-Demand Events
  • Sponsored Content
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
    • Techstrong.tv Podcast
    • TechstrongTV - Twitch
  • Library
  • Related Sites
    • Techstrong Group
    • Cloud Native Now
    • DevOps.com
    • Security Boulevard
    • Techstrong Research
    • Techstrong TV
    • Techstrong.tv Podcast
    • Techstrong.tv - Twitch
    • Devops Chat
    • DevOps Dozen
    • DevOps TV
  • Media Kit
  • About
  • Sponsor

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
SBN News Security Bloggers Network 

Home » Cybersecurity » SBN News » Facebook to pay ethical hackers $40,000 for reporting a single account-takeover bug

SBN

Facebook to pay ethical hackers $40,000 for reporting a single account-takeover bug

by Filip Truta on November 27, 2018

Amid mounting criticism from regulators and users over its data protection practices, Facebook is extending an olive branch to the ethical hacker community, increasing its bug bounty rewards while decreasing the technical overhead. White hats can earn as much as $40,000 for a single account-takeover bug.

The announcement was made on the social network’s Bug Bounty page, where Facebook encourages white hat hackers to poke at the platform in every way imaginable to find any undiscovered flaws before bad actors do so. But despite boasting a bug bounty program for over 7 years now, Facebook has been plagued by leaks and attacks. In an effort to thwart these business-wrecking occurrences, the company is now planning to give ethical hackers more incentive to find holes in its platform. From the official announcement:

Techstrong Gang Youtube
AWS Hub

Today, to encourage security researchers to work on finding high impact issues, we are increasing the average payout for account takeover bugs. Our goal is to ensure that these vulnerabilities such as the one disclosed in September are reported to us in the most responsible and timely manner.

The researchers who find vulnerabilities that can lead to a full account takeover, including access tokens leakage or the ability to access users’ valid sessions, will be rewarded an average bounty of:

* $40,000 if user interaction is not required at all, or

* $25,000 if minimum user interaction is required

The program extends to other services owned by the web giant, including Instagram, WhatsApp and Oculus. Hackers will not be required to present a full exploit chain if the process requires bypassing the Linkshism mechanism, described here. Facebook wants hackers to be able to share their proof-of-concept without having to also bypass additional security layers.

“By increasing the award for account takeover vulnerabilities and decreasing the technical overhead necessary to be eligible for bug bounty, we hope to encourage an even larger number of high quality submissions from our existing and new white hat researchers to help us secure over 2 billion users,” Facebook said.

*** This is a Security Bloggers Network syndicated blog from HOTforSecurity authored by Filip Truta. Read the original post at: https://hotforsecurity.bitdefender.com/blog/facebook-to-pay-ethical-hackers-40000-for-reporting-a-single-account-takeover-bug-20605.html

November 27, 2018November 27, 2018 Filip Truta account takeover, bug bounty, bug bounty program, bug reward, facebook, Industry News, social network, Social networks
  • ← PCI Pal Achieves PCI DSS Certification for seventh Consecutive Year
  • SafeCase and Beyond; Safeguarding Smartphone Data →

Techstrong TV

Click full-screen to enable volume control
Watch latest episodes and shows

Tech Field Day Events

Upcoming Webinars

How to Spot and Stop Security Risks From Unmanaged AI Tools

Podcast

Listen to all of our podcasts

Press Releases

GoPlus's Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On

Subscribe to our Newsletters

ThreatLocker

Most Read on the Boulevard

Meta AI is a ‘Privacy Disaster’ — OK Boomer
Zero-Click Flaw in Microsoft Copilot Illustrates AI Agent, RAG Risks
Microsoft Data Loss Prevention (DLP): Tips to Protect Your Business Following the Latest Outage
File Data: The Hidden Ransomware Threat Costing Enterprises Millions
Why Open-Source Encryption and Automated Key Rotation Aren’t Enough Without Certificate Management
New Cybersecurity Executive Order: What You Need To Know
LLM vector and embedding risks and how to defend against them
Microsoft’s Security Update in June of High-Risk Vulnerability Notice for Multiple Products
Patch Tuesday Update – June 2025
DNS Rebind Protection Revisited

Industry Spotlight

Meta AI is a ‘Privacy Disaster’ — OK Boomer
Application Security Cloud Security Cyberlaw Cybersecurity Data Privacy DevOps Featured Governance, Risk & Compliance Humor Industry Spotlight Mobile Security Most Read This Week News Popular Post Security Awareness Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Social Engineering Spotlight Threats & Breaches 

Meta AI is a ‘Privacy Disaster’ — OK Boomer

June 13, 2025 Richi Jennings | 2 days ago 0
Huge Food Wholesaler Paralyzed by Hack — is it Scattered Spider Again?
Analytics & Intelligence Cyberlaw Cybersecurity Data Security DevOps Editorial Calendar Endpoint Featured Governance, Risk & Compliance Humor Identity & Access Incident Response Industry Spotlight Malware Most Read This Week Network Security News Popular Post Ransomware Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Huge Food Wholesaler Paralyzed by Hack — is it Scattered Spider Again?

June 10, 2025 Richi Jennings | Jun 10 0
Meta’s Secret Spyware: ‘Local Mess’ Hack Tracks You Across the Web
Application Security Cloud Security Cyberlaw Cybersecurity Data Privacy DevOps Endpoint Featured Governance, Risk & Compliance Humor Identity & Access Incident Response Industry Spotlight Malware Mobile Security Most Read This Week Network Security News Popular Post Security Awareness Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Social Engineering Spotlight Threats & Breaches Vulnerabilities 

Meta’s Secret Spyware: ‘Local Mess’ Hack Tracks You Across the Web

June 4, 2025 Richi Jennings | Jun 04 0

Top Stories

Zero-Click Flaw in Microsoft Copilot Illustrates AI Agent, RAG Risks
Cloud Security Cybersecurity Data Privacy Data Security Featured Identity & Access Malware Mobile Security Network Security News Security Awareness Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight Threat Intelligence Vulnerabilities 

Zero-Click Flaw in Microsoft Copilot Illustrates AI Agent, RAG Risks

June 13, 2025 Jeffrey Burt | 2 days ago 0
BADBOX 2.0 Botnet Infects Million-Plus Devices, FBI Says
Application Security Cloud Security Cybersecurity Data Security Featured IoT & ICS Security Malware Mobile Security Network Security News Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight Threat Intelligence 

BADBOX 2.0 Botnet Infects Million-Plus Devices, FBI Says

June 9, 2025 Jeffrey Burt | Jun 09 0
Trump EO Takes Aim at Biden, Obama Provisions for Identity, Sanctions, AI
Cloud Security Cyberlaw Cybersecurity Data Security DevOps Featured Identity & Access Network Security News Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight 

Trump EO Takes Aim at Biden, Obama Provisions for Identity, Sanctions, AI

June 9, 2025 Jeffrey Burt | Jun 09 0

Security Humor

Facebook CEO Mark Zuckerberg announces the plan to make Facebook more private at Facebook’s Developer Conference on April 30, 2019

Meta AI is a ‘Privacy Disaster’ — OK Boomer

Download Free eBook

7 Must-Read eBooks for Security Professionals

Security Boulevard Logo White

DMCA

Join the Community

  • Add your blog to Security Creators Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: [email protected]

Useful Links

  • About
  • Media Kit
  • Sponsor Info
  • Copyright
  • TOS
  • DMCA Compliance Statement
  • Privacy Policy

Related Sites

  • Techstrong Group
  • Cloud Native Now
  • DevOps.com
  • Digital CxO
  • Techstrong Research
  • Techstrong TV
  • Techstrong.tv Podcast
  • DevOps Chat
  • DevOps Dozen
  • DevOps TV
Powered by Techstrong Group
Copyright © 2025 Techstrong Group Inc. All rights reserved.
×