Facebook expands $500 payments to users who find security bugs

Facebook is willing to pay you to strengthen its security.

The social media giant, which faced intense congressional and public scrutiny this year after political consultant Cambridge Analytica improperly accessed the data of millions of its users, is offering cash to individuals who detect vulnerabilities in third-party apps.

In a blog post on Monday, Facebook said it would pay a minimum of $500 per report on bugs that could expose user access tokens, or the information an individual allows to be shared with another person or application.

“If exposed, a token can potentially be misused, based on the permissions set by the user,” wrote Dan Gurfinkel, Facebook’s security engineering manager. “We want researchers to have a clear channel to report these important issues, and we want to do our part to protect people’s information, even if the source of a bug is not in our direct control.”


The company will suspend any apps whose operators don’t respond promptly to legitimate reports and will automatically revoke access tokens that may have been violated, Gurfinkel said.

The bug-bounty program isn’t totally new; Facebook has used it to detect vulnerabilities in its platform for years. But the expansion to third-party apps comes as the company grapples with increasing pressure from Congress to better protect user data.

In addition to the Cambridge Analytica scandal, Facebook told House lawmakers earlier this year that Chinese-owned companies like Huawei Inc. and Alibaba Group Holding, along with businesses like Microsoft and T-Mobile, were given special access to user data. Facebook previously said 45 of the 52 partnerships would be shut down by the end of October.

The company has also faced criticism for allowing third-party apps to access information without the explicit consent of individual users or their platform connections.
