Facebook parent company Meta says it handed out more than $2.3 million in rewards to security researchers as part of its bug bounty program in 2024.
The company received nearly 10,000 vulnerability reports last year, approximately 600 of which qualified for a bounty payout. Close to 200 researchers received rewards, the company says.
Since 2011, Meta has awarded more than $20 million in bug bounties to researchers hunting for security defects in products such as Facebook, Messenger, Instagram, WhatsApp, Workplace, Meta Quest, Ray-Ban Stories, Meta AI, and open source code.
Per the company’s guidelines, researchers can earn as much as $300,000 for vulnerabilities leading to code execution in mobile products, up to $145,000 for account takeover flaws, $45,000 for bugs in Meta hardware, and $40,000 for server-side request forgery (SSRF) issues. Rewards for other types of vulnerabilities are also available.
Since 2023, Meta has been rewarding researchers for reporting bugs in its generative AI features, and is now receiving reports for integral privacy or security issues associated with its LLMs. Mixed reality products are also in its bug bounty program’s scope.
Meta is offering up to $30,000 for defects in ads audience tools leading to the compromise of personal information, but researchers may end up receiving less, as the company applies deductions based on required user interaction, prerequisites, and other mitigating factors.
As it is getting ready to host its annual Meta Bug Bounty Researcher Conference (MBBRC) in May (this year in Tokyo), the company is celebrating Philippe Harewood as one of its most long-standing and prolific researchers, who received over 500 bug bounties for valid reports submitted over the past 10 years.
“For the past 14 years, our bug bounty program has fostered a collaborative relationship with external researchers that has helped keep our platforms safer and more secure. We would like to extend a heartfelt thanks to everyone who contributed to the growth of our program in 2024,” the company notes.
Related: Apple Complains Meta Requests Risk Privacy in Spat Over EU Efforts to Widen Access to iPhone Tech
Related: South Korea Fines Meta $15 Million for Illegally Collecting Information on Facebook Users
Related: In Other News: Doxing With Meta Ray-Ban Glasses, OT Hunting, NVD Backlog
Related: CISO Conversations: LinkedIn’s Geoff Belknap and Meta’s Guy Rosen
