Meta will now reward researchers for finding bugs in scraped data or the bugs that can lead to data scraping, as a first in the tech industry.
- Meta has expanded its bug bounty programme to include rewards for data scraping.
- Researchers who will find bugs in scraped data will get rewards.
- A minor bug will attract a reward of at least $500, said Meta.
Meta, which is the new name for Facebook, has expanded its bug bounty programme to reward researchers for finding vulnerabilities and bugs in scraped data. Data scraping is how Meta mass-collects personal information from users’ profiles, such as profile photos, email addresses, and phone numbers, through automated tools. Researchers who can find bugs in already scraped data as well as report bugs that can enable scraping activity will get rewards under the bug bounty programme.
“We’re looking to find vulnerabilities that enable attackers to bypass scraping limitations to access data at [a] greater scale than what we initially intended,” Security Engineering Manager Dan Gurfinkle was quoted as saying in a report by Engadget. Meta said it is the first company to launch a bug bounty programme for data scraping.
With data scraping, companies, such as Meta, extract personal information from various websites. And although a large part of this information is willingly provided by users to the website they are using, data scraping allows a wider spread of information, including sharing of the information in searchable databases.
And since data scraping is an industry-wide activity where troves of users’ personal information is shared with different parties, Meta cannot really avoid it. In fact, it is one of the firms in the frontier. But data scraping is a business strategy that is done due legal norms. Any leakage of data in this process leads to unsolicited exchange of data, and this could be a result of a bug or a vulnerability. Meta wants researchers to discover this bug and reward them for doing that.
In Meta’s words, researchers will be rewarded for finding “unprotected or openly public databases containing at least 100,000 unique Facebook user records with PII [personally identifiable information] or sensitive data (e.g. email, phone number, physical address, religious or political affiliation).”
But the payouts for this programme will be a bit different. Meta said instead of giving the prize money to the individual researcher, it would donate the money to a charity that the winning researcher would choose just so the company can avoid incentivising the publishing of scraped data. But for the reports of bugs that can lead to incidents of data scraping, researchers will have an option between taking a direct payout or charity. Meta said each bug or dataset can win a reward of at least $500 (roughly Rs 38,000).
Click here for IndiaToday.in’s complete coverage of the coronavirus pandemic.
— to www.indiatoday.in