Meta (NASDAQ: FB), formerly Facebook: New Bug Bounty for Data Scraping

Meta Platforms Inc. (NASDAQ: FB), formerly Facebook, once used the process of data “scraping”. Today Meta announced an enhancement to its bug bounty program: the launch of an industry-first bug bounty program for data “scraping”, along with further education opportunities for researchers.

The social networking service originally launched as FaceMash on October 28, 2003, before changing its name to TheFacebook on February 4, 2004. In 2004, Napster founder and angel investor Sean Parker became the company’s president. The company changed the site’s name from TheFacebook to just Facebook after purchasing the domain name facebook.com in 2005 for $200,000.

The Meta bug bounty program will now reward valid reports about scraping methods, even if the data they target is public. The program will allow Meta, previously Facebook, to find vulnerabilities that enable attackers to bypass scraping limitations and access data at a greater scale than the product intended. Doing so will allow Meta to quickly identify and counter scenarios that might make scraping less costly to execute.

In addition, Meta is expanding its data bounty program to reward reports of unprotected or openly public databases containing at least 100,000 unique Facebook user records with personally identifiable information or sensitive data such as email, phone number, physical address, or religious or political affiliation. To qualify, the reported dataset must be unique and not previously known or reported to Meta.

Bug Bounty Mechanics

If a database is confirmed as including PII and was scraped and exposed online, Meta will work with the relevant entity to remove the dataset or seek legal means to ensure the issue is addressed. To avoid providing an incentive for scraping activity (where a person may intentionally scrape the data and then present it to Meta), bounty payments for valid reports of scraped datasets will be made in the form of charity donations to nonprofits of the researcher’s choosing.

To encourage and help cultivate a more sustained interest among new and existing researchers, Meta is also expanding education opportunities, especially in certain bug areas that are difficult to transition between, such as software-to-hardware bug hunting.

Later this year, Meta will also launch a dedicated education center to help quickly onboard bug bounty researchers onto different products and technologies so that they can cut the time it takes to hunt new areas for bugs.

Since the launch of its bug bounty program in 2011, Meta has paid more than $14 million in bug bounties and received more than 150,000 reports, of which more than 7,800 were awarded a bounty. So far this year, the company awarded more than $2.3 million to researchers from 46 countries.

300K Leaked Data Goldmine for Scammers Amazon Shopify | efani SAFE

Security researchers have found a misconfigured cloud-hosted database leaking over 300,000 records, including sensitive personal information on e-commerce buyers.

A team at Safety Detectives found the leaky Elasticsearch database on July 25 this year but claimed the content had been exposed without any password protection or encryption since November 2020.

Its efforts to close the leak have so far proven unsuccessful, after hosting firm Alibaba did not reply to the team’s outreach, and the identity of the database owner remains a mystery.

All Safety Detectives has been able to ascertain from the 500MB data leak is that the owner is a Chinese ERP provider serving businesses that sell goods on platforms like Amazon and Shopify.

Around half of the 329,000 exposed records contained buyers’ names, phone numbers, email, billing, and delivery addresses, according to the report. In some cases, seller names, email addresses, and billing information were also leaked.

German, French, and Danish e-commerce customers featured among the haul, with as many as 150,000 potentially exposed, the report claimed.

The leaked data would be a goldmine for scammers, who are past masters at reusing personal information in follow-on phishing and identity fraud attempts designed to elicit more sensitive financial info.

“Home addresses are available on the database too. This makes home invasion/burglary a real possibility if personally identifiable information (PII) is sold on to other criminals. Thieves may target users who make high-value orders in the hope the victim’s house is full of expensive goods,” the report claimed.

“Theft of ordered goods is another risk associated with leaked order details. Tracking links, shipment times, courier information, delivery addresses, and order information provide criminals with enough data to intercept and steal a user’s ordered goods.”

If the database owner is finally tracked down, they could face investigation from regulators of both the GDPR and China’s new equivalent legislation, the Personal Information Protection Law (PIPL).

Shopify powers a lot of the e-commerce world. As a result, both consumers and business owners face the prospect of scams. After all, where there is money to be made, there are individuals looking to take advantage.

Fortunately, as Shopify continues to flourish, the platform certainly offers way more good than bad. However, everyone should be aware of the downsides of a massive platform, as with everywhere on the internet. To help, here are a few of the most well-known Shopify scams that target consumers and business owners.

Off Platform Sales Scam

A common scheme starts off with a trusted purchase process. The so-called direct client scheme turns into a scam as routine purchases move off the e-commerce platform. For example, a “real” site with true inventory seeks consumers. Customers find the site and make a purchase. The scam site sells and delivers the merchandise as expected.

Everyone is happy. However, after a few purchases, the scammers reach out and request that a sale be completed off the trusted platform due to excessive fees. The consumer makes the purchase, but the merchandise is never provided. In the end, the scammer makes a little profit from each good sale and then a lot on the final sale.