Facebook Expands Their Bug Bounty Program To Include Third-Party Instagram Data Abuse

Facebook’s challenges multiplied after acquiring Instagram. While they were already dealing with lots of security mess-ups with Facebook and Messenger, Instagram problems further added to their miseries. While they already included Instagram in its bug bounty program, it seems the tech giant is now gearing up to tackle Instagram data misuse as well. Reportedly, Facebook expands its bug bounty program to include Instagram data abuses by third-parties.

Facebook Bug Bounty Includes Instagram Data Abuses

According to a recent announcement, Facebook now plans to expand its bug bounty program to include Instagram abuses. Precisely, this move will cover misuse of Instagram data by any third-party apps under Facebook’s Data Abuse Bounty program.

As announced by Facebook’s Security Engineering Manager Dan Gurfinkel, the company plans to protect Instagram users’ information more efficiently. Thus, it will let the researchers report problems and data abuses related to Instagram. Moreover, it will also reward them with bounties. As stated in the announcement,

Our goal is to help protect the information people share on Instagram and encourage security researchers to report potential abuse to us so we can quickly take action.

Enhanced Security Focus At Checkout On Instagram Too

Apart from announcing bounties for Instagram data abuses, Facebook also shed light on another bounty opportunity. As announced, Facebook is also starting an invite-only bug-hunting program for ‘Checkout on Instagram’ – a convenient online shopping feature. Describing this functionality, Gurfinkel stated,

Checkout on Instagram allows people to purchase products directly on Instagram without leaving the app.

Specifically, Facebook has invited a ‘selected group of security researchers to assess this Instagram functionality. These researchers, who have already collaborated with Facebook, can now get ‘early access’ to the feature.

As part of their participation, the researchers will receive early access to the feature and receive bounty awards for eligible reports. The researchers who are helping us test this feature have previously submitted high-quality research to our bug bounty program.

In September 2018, Facebook made a similar expansion in its bug bounty program. That time, they included reports for third-party access token exposure.

Take your time to comment on this article.

Related posts

NachoVPN Attack Risks Corporate VPN Clients

Sweet Security Introduces Evolutionary Leap in Cloud Detection and Response, Releasing First Unified Detection & Response Platform

Anti-Spam WordPress Plugin Vulnerabilities Risked 200K+ Websites