Join NexChange - the professional
network for the financial services
industry - and receive a free one-
year subscription to Forbes
Facebook Launches a Bounty Program to Catch Data Thieves
Capital Markets, FinTech
As Mark Zuckerberg begins two days of testimony this week before the House Energy and Commerce Committee to discuss the Cambridge Analytica scandal and Russian election interference, Facebook as announced a bounty program aimed at catching the next data leak.
The social network will pay between $500 and $40,000 – payment is at Facebook’s discretion and will depend in part on the size of the data leak.
Here are the eligibility requirements for receiving a reward:
More than 10,000 Facebook users.
Definitive abuse of data. Not just collection.
A case we were not already aware of or actively investigating.
Here is what’s excluded from the bounty program:
Malware or mass-scale tricking of users to install apps.
Scenarios where social engineering is a major component.
Non-Facebook cases (ex: Instagram).
Facebook’s bounty terms make it clear that the company is opening the program to whistleblowers, noting that if a person complies with the company’s policies on reporting a data leak it “will not initiate a lawsuit or law enforcement investigation against you in response to your report.” It was a whistleblower who blew the lid off the Cambridge Analytica data leak.
These are the disclosure policies:
You give us time to investigate and act on an issue that you report before making any information about the report public or sharing such information with others.
You make a good faith effort to avoid privacy violations and disruptions to others, including (but not limited to) unauthorized access to or destruction of data, and interruption or degradation of our or another’s services.
You provide us with the Facebook data we request after we request it.
You do not violate any other applicable laws or regulations, including (but not limited to) laws and regulations prohibiting the unauthorized access to data. Again, do not submit any data to us that you obtained unlawfully.
Facebook currently has 10 employees on its bounty team with plans to add additional people, according to CNBC.
Photo: Getty iStock