Meta Platforms, formerly Facebook, announced that it will expand the scope of its bug bounty program to begin rewarding valid reports of crawling vulnerabilities on its platform, and to include reports of crawled data sets available online.
Dan Gurfinkel, Meta’s security engineering manager, said: “We know that automated activities aimed at crawling people’s public and private data are specific to each website or service.” “We also know that this is a highly confrontational space, crawling tools — whether it is a malicious application, website or script — constantly adjust their strategy to evade detection in response to the defenses we have established and improved.”
To this end, the social media giant’s goal is to use monetary compensation to obtain valid reports on crawling errors in its services and to identify an unprotected or public database containing no fewer than 100,000 unique Facebook user records that include personally identifiable information (PII), such as emails, phone numbers, physical address, religion or political affiliation. The only caveat is that the reported data set must be unique and previously unknown.
If the necessary standards are met, the company stated that it will take appropriate measures, including legal action, to have the data deleted from non-Meta sites. This may also involve contacting hosting service providers such as Amazon, Box, and Dropbox to take the dataset offline, or working with third-party application developers to resolve server configuration errors. Reports of database theft will be rewarded through matching donations to charities selected by the researchers.
“Our goal is to quickly identify and respond to scenarios that may reduce the cost of performing crawls for malicious actors,” Gurfinkel pointed out, adding that “we hope to particularly encourage research on logic bypass issues that can allow access to information through unexpected mechanisms, even if there is an appropriate rate limit.”
Measures to curb unauthorized crawling, a technique that refers to the practice of extracting data from websites, are part of the company’s effort to limit abuse after the infamous Cambridge Analytica data scandal, in which people’s data on its platform was leaked and the personal information of millions of Facebook users was collected for political advertising without their consent.
The company said that since the program was launched in 2011, it has paid more than 14 million U.S. dollars in bounties, and this year alone, 2.3 million U.S. dollars have been awarded to researchers from more than 46 countries. Meta pointed out that most of the valid reports in the past 10 years came from India, the United States and Nepal.