Meta Platforms Inc. (NASDAQ: FB) formerly Facebook, once used the process data “scraping”. Today Meta announced a new enhancement to its bug bounty program with the launch of an industry-first bug bounty program for data “scraping” as well as offering further education opportunities for researchers.
The social networking service originally launched as FaceMash on October 28, 2003, before changing its name to TheFacebook on February 4, 2004. In 2004, Napster founder and angel investor Sean Parker became the company’s president. The company changed the site’s name from TheFacebook to just Facebook after purchasing the domain name facebook.com in 2005 for $200,000.
The Meta bug bounty program will now award valid reports about scraping methods, even if the data they target is public. The program will allow Meta, previously Facebook, to find vulnerabilities that enable attackers to bypass scraping limitations to access data at a greater scale than the product intended. Doing so will allow Meta quickly to identify and counter scenarios that might make scraping less costly to execute.
In addition, Meta is also expanding its data bounty program to reward reports of unprotected or openly public databases containing at least 100,000 unique Facebook user records with personally identifiable information or sensitive data such as email, phone number, physical address, religious or political affiliation. To qualify, the reported dataset must be unique and not previously known or reported to Meta.
Bug Bounty Mechanics
If a database is confirmed as including PII and was scraped and exposed online, Meta will work with the relevant entity to remove the dataset or seek legal means to ensure the issue is addressed. To avoid providing an incentive for scraping activity — where a person may intentionally scape the data then present it to Meta — bounty payments for valid reports of scraped datasets will be made in the form of charity donations to nonprofits of the researcher’s choosing.
To encourage and help cultivate a more sustained interest among new and existing researchers, Meta is also expanding education opportunities, especially certain bug areas that are difficult to transition between, such as software-to-hardware bug hunting.
Later this year, Meta will also launch a dedicated education center to help quickly onboard bug bounty researchers onto different products and technologies so that they can cut the time it takes to hunt new areas for bugs.
Since the launch of its bug bounty program in 2011, Meta has paid more than $14 million in bug bounties and received more than 150,000 reports, of which more than 7,800 were awarded a bounty. So far this year, the company awarded more than $2.3 million to researchers from 46 countries.