high impact Vulnerabilities  - high impact Vulnerabilities - Facebook Increases Bounty rewards for High Impact Vulnerabilities

increases the average payout for researchers to encourage them to find high impact Vulnerabilities. The researchers who find account takeover vulnerabilities that lead to full account takeover without user consent will be rewarded up to $40,000.

The change in payout for bounties applicable to other products owned by Facebook including Instagram, WhatsApp, and Oculus.

High Impact Vulnerabilities

For researchers who detect a complete account takeover, including access tokens leakage or the ability to access users’ valid sessions are rewarded with the of $40,000 for vulnerabilities without user interaction and $25,000 for the one with minimum user interaction.

Last September Facebook revealed a security breach that exposes 50 million accounts access tokens, hackers steal the access tokens by exploiting a bug in View As a feature.

Our goal is to ensure that these vulnerabilities such as the one disclosed in September are reported to us in the most responsible and timely manner.

The account takeover allows an attacker to take complete control over the user account and access victims’ personal and group conversations, photos, videos, and other shared files, contact lists, and more.

The social media giant recently introduced for for Access Token , under this researchers will be rewarded for finding vulnerabilities in third-party apps and websites that exposes Facebook user access tokens.

“While monetary reward may not be the strongest incentive for why bug bounty researchers hack, we believe it remains a strong motivator for our white hat researchers to invest time in helping us identify and mitigate vulnerabilities reads facebook post.”

Bug Bounty program employs crowdsource security researchers will diverse skill set covering a wide of vulnerability scenarios and advanced threats. There are many apprehensions and misconceptions among large organizations about bug bounty programs regarding trust, talent base, managing security researchers, and more.

You can follow us on LinkedinTwitterFacebook for daily updates also you can take the Bug Bounty courses online to keep your self-updated





Source link

LEAVE A REPLY

Please enter your comment!
Please enter your name here