Facebook will pay upwards of $40,000 to people who catch large data leaks.
The company announced a bounty program on Tuesday which would reward people who find cases of data abuse on its platforms. Payouts start at $500, and people can receive more than $40,000 for big discoveries. The data abuse program is the first of its kind in the industry.
“A door is always open if a whistleblower wants to say there’s something sketchy here,” Facebook’s head of product security Collin Greene said to CNBC.
Cases that are brought to Facebook’s attention and submitted with evidence will be vetted by its bug and data abuse bounty team. The company will investigate the report and decide what action to take. Possible scenarios include shutting down the app, suing the data leaker or conducting an onsite audit of the company selling or buying unauthorized data.
The company currently has 10 people on the bug bounty team but plans to hire more people and involve other teams in order to investigate substantiated claims.
To be eligible, the case must involve at least 10,000 Facebook users, show how data was abused (not just collected) and Facebook must not have been aware of that specific issue before. Companies that scrape data, anyone who uses malware to get people to install apps, social engineering projects and non-Facebook cases on its other platforms like Instagram are not eligible. It is open to expanding the program down the road.
Facebook first announced its intention to launch a data abuse bounty program in late March in response to the Cambridge Analytica data leak scandal. The data analytics firm was able to use unauthorized data from a psychology quiz intended for academic purposes only to target potential voters during the 2016 U.S. presidential election. Cambridge Analytica and the creator of the app, Alexandr Kogan, have denied the accusations.
The data abuse bounty program is based off its current bug bounty program, which pays people who find security flaws on its platforms. It pays out over a $1 million on average a year in bug bounties, executives said.
