Meta is expanding its bug bounty program to include researchers who report data scraping. The change will allow researchers to report vulnerabilities that enable scraping activity, as well as previously scraped data that has already been posted online. Meta said in a blog post that it is probably the first company in the industry to launch a bounty specifically for scraping campaigns.

Dan Gurfinkel, security engineering manager, said at a briefing: "We are looking for vulnerabilities that allow attackers to bypass crawl restrictions and thus obtain data that exceeds expectations." Unlike the other "malicious" activity the company tracks, data scraping uses automated tools to collect large amounts of personal information from users' profiles, such as email addresses, phone numbers, profile photos, and other details. While users are often willing to share this information in their public Facebook profiles, scrapers can expose these details more broadly, for example by publishing the information in a searchable database.

Meta also has a hard time cracking down on this kind of activity. In April, for example, the personal information of more than 500 million Facebook users was posted on a forum. In that case, the actual data scraping had occurred a few years earlier, and the company had addressed the underlying flaws. But once the data starts circulating online, there is nothing the company can do. In some cases, the company has also sued individuals for data theft.

Under the new bug bounty program, researchers will be rewarded if they find "an unprotected or publicly available database containing at least 100,000 unique Facebook user records with PII (personally identifiable information) or sensitive data such as emails, phone numbers, physical addresses, religious or political affiliations." However, Meta said that for these reports it would donate to charities of the researchers' choice rather than make the usual payments, to avoid incentivizing the release of scraped data.