Meta Paid Out $16 Million in Bug Bounties Since 2011
By Ionut Arghire on December 16, 2022
Facebook parent company Meta on Thursday announced that it has paid out over $16 million in bug bounties since 2011, with $2 million awarded in 2022 alone.
To date, the company has received more than 170,000 vulnerability reports from security researchers, but only 8,500 of them have been awarded a bounty, the company says. Researchers in 45 countries have been rewarded for finding security defects in Facebook and other services and products.
In 2022, the social media giant received roughly 10,000 vulnerability reports and issued bounties on more than 750 of them.
“We received a lot of impactful bug reports in 2022 from researchers all over the world that have helped to make our community safer, and we paid out more than $2 million in bounty awards,” the company announced.
Meta also published updated payout guidelines for VR technology, now covering Meta Quest Pro devices. At the BountyCon conference, a researcher was paid $44,250 for a Meta Quest 2 OAuth issue leading to a two-click account takeover.
Additionally, the company updated its payout guidelines regarding mobile remote code execution (RCE) vulnerabilities and published new payout guidelines for vulnerabilities leading to account takeover (ATO) and two-factor authentication (2FA) bypass.
Researchers submitting vulnerability reports in line with these new guidelines may earn as much as $130,000 for ATO bugs and up to $300,000 for mobile RCE issues. Reports, however, are evaluated on a case-by-case basis and may earn higher-than-the-cap rewards, depending on impact, Meta says.
The highest reward earned for an ATO and 2FA bypass chain was awarded to security researcher Yaala Abdellah for a vulnerability identified in Facebook’s phone number-based account recovery flow that was then chained with a separate 2FA bug. The researcher received a total of $187,700 in rewards.
Another 2FA bypass that Facebook found worth mentioning earned Gtm Manoz of Nepal a $27,200 bounty. The vulnerability is described as a rate-limiting issue that could have allowed an attacker to brute force the verification PIN for phone number confirmation, thus bypassing SMS-based 2FA.
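The defensive pattern the rate-limiting bug above lacked, as an added example that is not Meta's code and says nothing about how Facebook's confirmation flow is built: a hypothetical in-memory store for SMS confirmation PINs that expires each PIN and invalidates it after a fixed number of wrong guesses, so that a 6-digit code cannot simply be enumerated. `MAX_ATTEMPTS`, `PIN_TTL_SECONDS` and the `PhoneConfirmation` class are assumed names and policy values.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

MAX_ATTEMPTS = 5        # assumed policy value: guesses allowed per issued PIN
PIN_TTL_SECONDS = 600   # assumed policy value: PIN lifetime in seconds


@dataclass
class PendingPin:
    pin: str
    issued_at: float
    attempts: int = 0


class PhoneConfirmation:
    """Hypothetical in-memory store of SMS confirmation PINs, one per phone number."""

    def __init__(self, clock=time.time):
        self._pending = {}
        self._clock = clock  # injectable so expiry can be tested without sleeping

    def issue(self, phone):
        # 6-digit numeric PIN; in production it is sent via SMS, not returned to the caller
        pin = f"{secrets.randbelow(10**6):06d}"
        self._pending[phone] = PendingPin(pin, self._clock())
        return pin

    def verify(self, phone, candidate):
        entry = self._pending.get(phone)
        if entry is None:
            return False
        if self._clock() - entry.issued_at > PIN_TTL_SECONDS:
            del self._pending[phone]  # expired: the user must request a fresh PIN
            return False
        entry.attempts += 1
        if entry.attempts > MAX_ATTEMPTS:
            # Guess budget exhausted: discard the PIN so further submissions are rejected
            # without comparison; re-issuing generates a new random PIN, so earlier
            # guesses carry no information about the next one.
            del self._pending[phone]
            return False
        if hmac.compare_digest(entry.pin, candidate):
            del self._pending[phone]  # single use
            return True
        return False
```

Counting attempts before the comparison (not only on failure) is deliberate: the cap then bounds the total number of comparisons an unauthenticated caller can trigger per issued PIN.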