Facebook Launches Bug Bounty Program To Report Data Thieves

Facebook on Tuesday launched a data abuse bug bounty program, just hours ahead of CEO Mark Zuckerberg's testimony to the Senate judiciary and commerce committees in Washington, DC. The bug bounty program is asking for people to report any apps that abuse data on Facebook, and it offers a reward based on how severe the abuse is. From a report: "While there is no maximum, high impact bug reports have garnered as much as $40,000 for people who bring them to our attention," Collin Greene, Facebook's head of product security, said in a post. The new program comes almost a month after the New York Times and the UK's Observer and Guardian papers revealed that Cambridge Analytica, a voter profiling firm, took advantage of a Facebook app to siphon off personal information on 87 million people. The scandal has fanned the flames of a backlash against Facebook by lawmakers and users.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Anonymous Coward]

Moron? Is he dumber than you?
Can you do what he did then?
Left rage never stops being amusing because you could not give a fuck about what Obama and Hillary did because identity politics is noble.
Obama was worse than Bush and did a lot more damage and all you fucks care about is he wasn't white so he gets a pass.

Better idea

[110010001000]

Here is a better idea: do it yourself. You know, actually monitor your website and stuff. It is a radical idea.

Re:

[Anonymous Coward]

Just like we expect the Republican adults in Congress to investigate a very-well-known criminal enterprise replete with bullshit ponzi-style "university" no less....

Oh, grow up, sprout a brain, and fucking drop it already.

The biggest, most corrupt crook in the last election was the one who fucking lost.

Re:

[skovnymfe]

But having an operations team costs money. It's so much easier to just hire more developers who have no clue about operations. DevOps!

Obama campaign? Redirect to /dev/null

[Anonymous Coward]

Where was all this outrage four years ago?

Re:

[jellomizer]

There is a difference between using data that was openly available with links to apps that were open to what they were doing with your data to see that you may fit the demographic that would vote for Obama, and have ads that pop up and say go out and vote for me. Vs. Having apps to trick you into figuring out what political persuasion you are and give you a custom message showing how evil opposition is, not just official running, but how all of their supporters are sub-human monsters. Scheduling rallies fo

Re:

[jellomizer]

Not the agenda. The Tea Party also used social media to push their agenda and brought in a lot of Republicans into the congress to followed their ideals.

Re:

[gnick]

I posted this [politifact.com] in another thread the other day. Some similarities & differences between what the Obama campaign did and what Cambridge Analytica did.

The Obama campaign and Cambridge Analytica both gained access to huge amounts of information about Facebook users and their friends, and in neither case did the friends of app users consent.

But in Obama’s case, direct users knew they were handing over their data to a political campaign. In the Cambridge Analytica case, users only knew were taking a personality quiz for academic purposes.

The Obama campaign used the data to have their supporters contact their most persuadable friends. Cambridge Analytica targeted users and their friends directly with digital ads.

Re:

[jellomizer]

Greetings comrade. How is the weather in Russia?

Re:

[Chris Katko]

Seriously. It's hilarious to watch the mental gymnastics of Google's CEO openly tauting that he's DIRECTLY working with a presidential candidate to "use our data" to help the candidate.

- Facebook sold some ads. Who the fuck reads Facebook ads?
- Google literally used their entire platform (read: tracking your information) + "muh algorithms" to assist a candidate.

And IN RETURN, the CEO got, and I quote, "a virtual open door to access the White House at will"

https://www.googletransparency... [googletran...roject.org]

htt [theintercept.com]

Obligatory Pogo

[Stormwatch]

"We have met the enemy and he is us." - Walt Kelly

Report Der Zuck

[Oswald McWeany]

Facebook Launches Bug Bounty Program To Report Data Thieves (cnet.com)

Hello, I would like to report Mark Zuckerburg please!

Re:Report Der Zuck

[Rosco P. Coltrane]

You can't report Zuck: he ain't a thieve, he's a con artist: he managed to convince his users that giving away their data is a negligible price to pay in exchange for a great service. People are slowly discovering it's the other way around, but it's too late now.

Re:

[Errol backfiring]

If he would only gather your personal information from your account on facepalm, you were right. If he collects data about me from other facepalm accounts, web beacons and other software or services that turn out to be facepalm-owned, the he is a thief.

Re:

[Rosco P. Coltrane]

I doubt it. I bet you anything that deep down in the TOS that all Facebook users have agreed to - after reading it carefully from beginning to end, no doubt - there is a provision saying the users lets FB use and abuse their data any which way it wants.

Re:

[Anonymous Coward]

well put.

if that information your giving to him is so innocuos how come he's worth *billions* from selling it?

Dear Product^h^h^h^h^h^h^hCustomers

[nospam007]

We have so much data about you, your kids, your family, your friends, your vices, your drugs, your vacations and we leak them like a sieve.

Please tell us who captures your data, so that we can send them a bill.

Thanks a lot suckers^h^h^h^h^h^h^h

lol sure

[o_ferguson]

I reported a bug under their last bounty program and they said "while this is a bug, and we will fix it, it's not a 'security bug' so we won't be paying you for reporting it." I hope they die in a fire.

Re:

[HornWumpus]

He's nothing but a low-down, double-dealing, backstabbing, larcenous perverted worm! Hanging's too good for him. Burning's too good for him! He should be torn into little bitsy pieces and buried alive!

Hanover Fiste

Re:

[TwoUtes]

Awesome Heavy Metal reference!

Re:

[stephanruby]

Do you think it was a security-related bug?

Re:

[o_ferguson]

Other than the fact that all bugs are security bugs, yes: it allowed you to post content direct to other users' walls, who were not your friends but in the same group as you, and to do so with no attribution, so the other users could see that you posted it to their wall, but not why you had access to their wall. It was a way to clearly violate their user compartmentalization organization, but they argued that since users had joined groups willingly, their rights hadn't been violated and so it wasn't really

Re:

[ViXiV]

Did this EXACT same shit to me for a CSRF bug where I was able to wipe and brick certain residental routers over their messaging system. They said it needed to be fixed in all the routers in the entire world by the manufacturers instead of incorporating appropriate CSRF filters in messages..... LMFAO, do not trust any bounty program from FB for any reason whatsoever!

Re:

[o_ferguson]

lawsuit time

Re:

[ViXiV]

Apparently they are notorious for worming out of paying for legitimate bug bounty reports. They will refuse to pay you if at all possible and they have gotten really good at scamming security researchers and hackers into free work. IMO a lawsuit would be frivolous as they would likely spend more on their attorneys then paying the actual bounty just to make an example of the researcher and deter others from following suit. Stop reporting bugs to FB and just sell them for what they're actually worth instead o

Re:

[o_ferguson]

So we should kill them?

Needs more commas

[WillAffleckUW]

40,000?

Look, FB, you're facing probable fines with four commas in the US and similar ones in the EU.

Try adding more commas. I'd go for at least two.

Hello Facebook?

[forkfail]

Yes, I'd like to report Facebook, Inc. It seems that they have provided APIs through which they sell private data to anyone with a bank account and a keyboard.

Where can I pick up my check?

Facebook Launches Confession ...

[CaptainDork]

... That They Won't Own Up To A Fucking Thing.

discuss

Proper vs Improper Abuse

[Tominva1045]

So improper abuse is when you skim data off Facebook and market to those people elsewhere. Proper abuse is when you do a Google search on a product and two minutes later it's in your Facebook feed. Got it-

Re:

[bobbied]

Actually, pretty sure it was improper because FB weren't paid enough for the data gathered. If they had been paid, it would have been ok.

The Obama campaign in 2012 didn't pay a cent to Facebook. Download their app and you got your friends information sucked into the DNC's database.. https://www.nationalreview.com... [nationalreview.com]

"Thieves" is the operative word...

[SeaFox]

They want to make sure the only people taking data are the ones paying for it.

How about this one?

[argStyopa]

"Bug: you business model is based on selling data gathered without permission from users; effectively, this is like the Mafia asking people to help guard their loot. I can't imagine the cognitive dissonance needed to sustain that sort of hypocrisy, so it must be a bug?"

Do you think they'd pay me?

Facebook Bug Bounties have Stolen Millions

[ViXiV]

Another Bug Bounty system from Facebook? Except they have been stealing from security researchers since the first bounty program was started by finding loop holes allowing them to not pay those bounties. They neglected to pay at least 2 legitimate bounties for bugs provided by myself stating that the bugs needed to be fixed in every router in the entire world instead of providing filters for it in their own messaging system which they eventually enabled without the bounty being issued. So essentially, they