Facebook Expands Data Abuse Bounty Program for Third-Party Websites and Apps

Facebook is expanding its Data Abuse bounty program to third-party apps and websites. Facebook announced this morning it’s expanding its bug bounty program – which pays researchers who find security vulnerabilities within its platform – to now include issues found in third-party apps and websites. Specifically, Facebook says it will reward valid reports of vulnerabilities that relate to the improper exposure of Facebook user access tokens.

Data Abuse Bounty Program Contents

This program exists to help us protect people’s data on Facebook.
This is done by incentivizing anyone to report apps collecting user data and passing it off to malicious parties to be exploited.
If we find cases of this we will take action, including but not limited to:
  • Termination of the application from our Platform
  • Initiation of a forensic audit of related systems
  • Legal action against the company and any relevant parties

Typically, when a user logs into another app using their Facebook account information, they’re able to decide what information the token and, therefore, the app can access and what actions it can take.

But if the token becomes compromised, users’ personal information could be misused.

Facebook says it will pay a minimum reward of $500 per vulnerable app or website if the report is valid. The company also noted it wasn’t aware of any other programs offering rewards of this scope for all eligible third-party apps.

If a vulnerability is determined to be legit, Facebook will then work with the affected app developer or website operator to fix their code. Any apps that don’t comply with Facebook’s request to address the issue will be suspended from the platform until the problem has been solved and the app has undergone a security review.


Facebook is