Facebook shelled out over $1 million in bug bounty payouts

The social networking giant, like other tech giants such as Microsoft, Google and PayPal, launched its bug bounty program to lure the highly talented underground community of hackers into testing the security of its platform, so that vulnerabilities that may exist can be patched.

According to Facebook, a total of 329 people, including students, security researchers, hackers and youngsters as young as 13 years, have reported bugs in two years and have been paid as much as $20,000 for a single bug. Those who report bugs don’t necessarily need to stop and can keep poking around for more vulnerabilities; many have managed to bank as much as $100,000 from Facebook. Two researchers even landed a job at Facebook for their findings.

The largest number of bug finders is from the US, followed by India, the UK, Turkey and Germany. “Our Bug Bounty program allows us to harness the talent and perspective of people from all kinds of backgrounds, from all around the world,” noted Facebook security engineer Collin Greene in a blog post.

The lowest bounty that Facebook offers is $500, with no cap on the maximum one can receive. According to Facebook, some of the main criteria on which it rewards researchers include impact, the target, quality of communication, and secondary damage that the bug may have. The social networking giant went on to explain that a bug that lets someone access Facebook data, modify an account or run some sort of JavaScript code under facebook.com would be classified as a high-impact bug.

You can get more information about Facebook’s bug bounty program here.