Facebook Launches Data Abuse Bounty

You’ve heard of bug bounties. Now Facebook has introduced a new twist to the concept: a data abuse bounty.

And unlike many bug bounties, which usually cap the amount that a developer can earn for discovering system vulnerabilities, there’s no limit to how much Facebook will pay out to squelch data abuse. “This program will reward people with first-hand knowledge and proof of cases where a Facebook platform app collects and transfers people’s data to another party to be sold, stolen or used for scams or political influence,” read Facebook’s April 10 posting on the matter. “Just like the bug bounty program, we will reward based on the impact of each report.”

Facebook has pledged to shut down any apps that are abusing data, as well as take legal action against the developer. The social network will also alert users potentially affected by the abuse.

Facebook’s bounty comes on the heels of the Cambridge Analytica controversy. Cambridge Analytica, a London-based political consulting firm, harvested raw data from millions of Facebook users who did not explicitly consent to it. “The breach allowed the company to exploit the private social media activity of a huge swath of the American electorate, developing techniques that underpinned its work on President Trump’s campaign in 2016,” read the explosive New York Times exposé on the issue.

Cambridge Analytica’s data derived from a personality quiz that a Cambridge University researcher had posted on Facebook. Around 270,000 people took that quiz, which vacuumed up data from their networks; as a result, that researcher (and Cambridge Analytica) had access to raw information on as many as 87 million Facebook users. Although the researcher and Cambridge Analytica promised Facebook back in 2015 that the data had been deleted, a whistleblower at the firm said that “hundreds of gigabytes” had nonetheless been retained, according to the Times.

That spectacular privacy violation is why Mark Zuckerberg ended up testifying before Congress, as well as Facebook’s decision to launch this new bounty. For more information on how you can inform on malicious app-makers for sweet cash, check out Facebook’s dedicated page on the issue.