Facebook has awarded $1.3 million to 321 hackers across the world who helped in identifying security flaws in the social network’s platform. Under the program, there were 17,011 reports submitted in 2014, which is a rise of 16% from 2013.
Facebook’s bug bounty program getting popular
The social networking site started its bug bounty program in 2011, offering prize money to people who report certain security issues to the company. The minimum reward from Facebook for flagging a security bug is $500.
Collin Greene, Facebook’s security engineer, stated in a blog post that every year, “We are surprised by what we learn from the security community, and 2014 was no exception.”
Facebook shelled out an average of $2,470 per bug report in the United States, where 61 bugs were reported, while worldwide, the average prize size was $1,788. Indian researchers reported the highest number of valid flaws to Facebook, followed by researchers in Egypt, the United States, the United Kingdom and the Philippines.
Facebook came up with a new guide last year to assist hackers in creating better reports and enable them to earn more reward money. According to the blog post, many bugs were reported last year, including some related to uploading content on Facebook and Instagram servers, going through users’ private messages and posting on their timelines.
Information leak could prove fatal
According to cyber-security experts, social networks and mobile devices are at risk of leaking more information about people who voluntarily share their information online. Experts also note that getting their hands on usernames and passwords can hurt people more than they expect. Criminals can explore the social media accounts of users to gather personal information such as a middle name, an address, a mother’s maiden name and more, making it simpler to dig out answers to the questions used to verify a person’s identity.
“You have more potential from account credentials than you have with a credit card number,” Lillian Ablon, a researcher at Rand, told Mercury News. The researcher said that the amount of money given to identify the bugs is only a small share of what is offered on the black market. Companies such as Google have increased their rewards for finding bugs.