Facebook launches Data Abuse Bounty with rewards of up to $40,000
With at least 87 million Facebook users affected by the data abuse by Cambridge Analytica, the social network is now on a mission to clean up its image. After rolling out tools, issuing notifications, and testifying in front of Congress, Facebook is launching a new bounty program that rewards people who report instances of data abuse.
The Data Abuse Bounty is a new program that offers from $500 to $40,000, and it aims to clamp down on the misuse of data by app developers. Launched just before Mark Zuckerberg's testimonies this week, it's a clear attempt by Facebook to curry favor.
- How to check if your Facebook data was shared with Cambridge Analytica
- Congress releases Mark Zuckerberg's prepared testimony ahead of Wednesday's hearing
- Facebook suspends pro-Brexit firm AggregateIQ for allegedly obtaining user data improperly
- Facebook suspends Trump campaign's data analytics team, Cambridge Analytica, for harvesting private information of 50 million users
Working much like other bounty programs, Facebook's Data Abuse Bounty pays out to "people with first-hand knowledge and proof of cases where a Facebook platform app collects and transfers people's data to another party to be sold, stolen or used for scams or political influence."
Launching the program, Facebook says:
Today, Facebook is launching the Data Abuse Bounty to reward people who report any misuse of data by app developers.
We committed to launching this program a few weeks ago as part of our efforts to more quickly uncover potential abuse of people’s information. The Data Abuse Bounty, inspired by the existing bug bounty program that we use to uncover and address security issues, will help us identify violations of our policies.
The bounty program will operate on a responsible disclosure basis, and Facebook explains what could qualify:
To be eligible for a reward the situation must involve:
- More than 10,000 Facebook users.
- Definitive abuse of data. Not just collection.
- A case we were not already aware of or actively investigating.
The company also explains what are "explicitly out of scope scenarios":
- Malware or mass-scale tricking of users to install apps.
- Scenarios where social engineering is a major component.
- Non-Facebook cases (ex: Instagram).
More details are available on the bounty terms page as well as in the FAQ. You can also keep an eye on www.facebook.com/data-abuse/ where Facebook says it will post updates in the name of transparency.