Facebook paid $5M to Bug Bounty hunters in 5 years; India leads in payouts in 2016

Facebook paid $5M to Bug Bounty hunters in 5 years; India leads in payouts in 2016

Friday October 14, 2016,

2 min Read

A Facebook "White Hat" debit card, given to researchers who report security bugs

In a major milestone for the social media giant, Facebook today completed five years of its Bug Bounty program. In a note posted on Facebook, Joey Tyson, a security engineer on the Facebook Bug Bounty team released statistics about the program.

Launching and running a program of this size for five years is not easy --- and we couldn't have done it without the support of the broader security research community. In fact, we discovered many of the people now on our team through the community of researchers submitting reports.

In the first half of this year itself, the Facebook Bug Bounty team received more than 9,000 reports and paid a total of $611,741 to 149 researchers. India tops the list of countries based on the number of payouts, followed by USA and Mexico. Joey added,

While five years is a great milestone, we're not resting on our laurels. We are always looking to improve and expand the program. This year, we added WhatsApp to our program, expanded payment options to include Bitcoin, and switched to an automated payment process so we can pay researchers faster.

Earlier this year, a 10-year-old Finnish boy received a USD 10,000 reward from Mark Zuckerberg for spotting a bug in Facebook-owned photo-sharing platform Instagram, becoming the youngest hacker to receive a cash reward from Facebook for hacking its own products.Talking about what's next for the program, Joey noted:

We're also preparing to share more educational resources on security fundamentals and topics specific to our products. We look forward to even more improvements in the future --- and to many more valuable reports from whitehat security researchers!

In August, at Black Hat 2016, a popular annual computer security conference, Apple announced that it would soon begin paying hackers and researchers who privately disclose security flaws in the company’s products. Apple will pay up to $200,000 for serious security vulnerabilities, like secure boot firmware components, found in select Apple products as part of its debut bug bounty.

Read these Techie Tuesday stories about Bug Bounty hunters as well:

Started bounty hunting for a job, Anand Prakash made 1.1 crore with his passion

Manish Bhattacharya – The Kid who paid his education loan by hacking into facebook