Security News > 2021 > December > Facebook expands bug bounty program to include scraping attacks, two years after it was scraped – hard

Meta has expanded its bug bounty program to include payouts for reports of scraping attacks on Facebook - but hold your applause.

"We're tackling the industry-wide issue of scraping by expanding our bug bounty program to reward valid reports of scraping bugs and unprotected data sets," states an update from the Facebook security team.

"The goal of this program is to find bugs that attackers utilize to bypass scraping limitations to access data at greater scale than the product intended."

Note, dear reader, that the above quote indicates that Facebook limits scraping and is comfortable with it happening at limited scale.

Another extension to Facebook's bug bounty program is rewards for those who find "Unprotected or openly public data sets containing at least 100,000 unique Facebook user records that include information such as email, phone number, physical address, religious, or political affiliation."

Meta's bounty program for these datasets only offers payments to reporters' preferred charities - lest scrapers report their own work for monetary gain.

News URL

https://go.theregister.com/feed/www.theregister.com/2021/12/16/facebook_scraping_bug_bounties/