Facebook Expands Its Data Abuse Bounty Program to Instagram

It will reward people for reporting third-party apps that exploit user data.
Facebook will start rewarding security researchers who report data abuse happening on Instagram, the company has announced.

This is an expansion of Facebook’s Data Abuse Bounty program, which it introduced in April 2018. As part of these efforts, Facebook will now start accepting reports about third-party apps that improperly access and store user data, including applications and services that offer fake likes, comments and followers. Essentially, any app that asks for people’s login information (like usernames and passwords) is violating Instagram’s terms of use — and Facebook wants the security community to notify it of anyone who may be taking advantage of this.

In addition to that, Facebook is working with security researchers to stress-test Checkout on Instagram, the shopping feature that lets people buy products without leaving the app, before it launches outside the US. Facebook says it has given a select group early access to Checkout on Instagram and will reward them for eligible reports. “Putting people first is one of Instagram’s most important values, and keeping our service secure is an essential part of the work we do to serve our community,” said Nam Nguyen, Instagram’s head of engineering. “Expanding and building on the Facebook bug bounty program is a key development in our ongoing security efforts, and we are grateful to the wider security community for all they do to help keep our platforms safe.”

Just to give you an idea of how much Facebook has paid people for their help, the company awarded more than $1.1 million to security researchers from across the world in 2018. And last year alone, Facebook says, the average payout for bugs that could lead to account takeover was increased to $40,000. All told, in 2018, Facebook received about 17,800 reports, with the average reward amount being around $1,500. Now that its Data Bounty Program covers Instagram, Facebook’s hope is that with help from security researchers worldwide, it can keep the popular app safe from bad actors who could misuse people’s data.

This post was originally published by engadget on engadget.com

Related posts