Data scraping has been a major issue for social media and tech companies. To curb the affair, Meta formerly known as Facebook is expanding its bug bounty program and will reward researchers who discover any scraping activity.
The company believes it to be the first to bring a bug bounty program that aims to crack down on data scraping. As the reports cite, Meta’s program has matured from a mere Facebook website to covering its web and mobile clients across all its major apps, services like Instagram, WhatsApp, Workplace, etc. Continuing its effort towards the initiative, the company notes to have been “looking to find vulnerabilities that enable attackers to bypass scraping limitations to access data at greater scale than what we initially intended.”
With the expansion, Meta will allow researchers to report on potential bugs that could enable scraping activity, as well as previously scraped data that are already there on the internet.
For the unversed, data scraping online is a process of using bots to extract data from a website. As noted, it is different than other malicious activity Meta tracks as it used automated tools to accumulate personal information from users’ profiles including email addresses, phone numbers, profile photos, etc. While users often share these details on their public Facebook profiles, scrapers as Engadget points out can expose the information more widely like publishing it in searchable databases.
The report further notes that it can be difficult for the company to counter the activity given more than 500 million Facebook users’ information that was published on a forum this April, their actual data scraping already occurred a year before. The company no doubt addressed the flaw, but it was barely effective as the data was exposed online. Meta even sued some individuals for such activity.
Meta Bug Bounty program to combat data scraping: How will it benefit researchers
Meta’s expansion of the Bug Bounty program will reward researchers for finding “unprotected or openly public databases containing at least 100,000 unique Facebook user records with PII [personally identifiable information] or sensitive data (e.g. email, phone number, physical address, religious or political affiliation).” For this, the company will open up two new areas for the HackerPlus bug bounty community. Instead of usual payouts, Meta will provide the reward in the form of charity donations to nonprofits of a researcher’s choosing to ensure that the company is not incentivizing the publishing of scraping data. For reporting bugs on data scraping activity, researchers can choose between a donation or a direct payout. Each bug or dataset is eligible for at least a $500 award.
The post Meta expands bug bounty program, to reward at least $500 for data scraping discoveries appeared first on BGR India.
