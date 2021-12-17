Meta, which is the new name of Facebook, has expanded its bug bounty program to reward programmers for finding vulnerabilities and bugs in extracted data.

Data collection is how Meta mass collects personal information from users’ profiles, such as profile photos, email addresses and phone numbers, through automated tools.

Researchers who can find bugs in data already collected, as well as report bugs that may trigger scraping activity, will get rewards in the bug reward program.

“We are looking to find vulnerabilities that allow attackers to work around scraping limitations to access data in [uma] larger scale than we initially intended,” said security engineering manager Dan Gurfinkle, quoted in an Engadget report.

Meta said it is the first company to launch a bug-reward program for data collection.

With data collection, companies like Meta extract personal information from various websites. And while a large portion of this information is voluntarily provided by users to the website they are using, data collection allows for a wider dissemination of information, including sharing the information in searchable databases.

And since data collection is an industry-wide activity, where snippets of users’ personal information are shared with different parties, Meta can’t really avoid it.

In fact, it’s one of the frontier companies. But data collection is a business strategy that is done according to legal norms. Any data leakage in this process leads to unsolicited data exchange, and this could be the result of a bug or vulnerability. Meta wants researchers to discover this bug and reward them for it.

In Meta’s words, researchers will be rewarded for finding “unprotected or overtly public databases containing at least 100,000 unique Facebook user records with PII [informações de identificação pessoal] or confidential data (eg, email, telephone number, physical address, religious or political affiliation).”

But the payments for this program will be a little different. Meta said that instead of giving the cash prize to the programmer, it would donate the money to a charity that the winning programmer would choose, just so the company can avoid encouraging the publication of fragmented data.

But for bug reports that could lead to data mining incidents, researchers will have the option of receiving a direct payment or making a donation. Meta said that each bug or dataset can earn a reward of at least $500.