Facebook launches data abuse bounty program

The program is modeled after Facebook's security bug bounty program.

Facebook launched a data abuse bounty program on Tuesday in an effort to pay people who report apps that maliciously exploit user data.

The new program comes as CEO Mark Zuckerberg prepares to testify in front of Congress about Facebook user data being abused by the political business firm Cambridge Analytica.

Facebook’s new program is meant to catch big fish. To be eligible for a reward, a situation has to involve over 10,000 Facebook users, the company has to be completely unaware of the app, and it must clear a definition of a “definitive abuse of data.”

The company defines that as apps buying or collecting their data through other means barred by Facebook’s terms of service.


Bounties start at $500. Facebook compares the new program to its security bug bounty program, where it has paid out rewards of $40,000.

“We’re looking for cases where people or groups have collected data using an app connected to Facebook and then sold or transferred that data to another company where it can potentially be abused,” Facebook chief operating officer Sheryl Sandberg said Tuesday morning. “This type of behavior is unacceptable and violates our policies.”

In addition to paying out a bounty, Facebook says it can follow up data abuse reports by banning applications, performing forensic audits and taking legal action against offenders.

Written by Patrick Howell O'Neill

Patrick Howell O’Neill is a cybersecurity reporter for CyberScoop based in San Francisco.
