Facebook’s bug bounty program pays rewards to anyone who finds and documents problems with its websites or systems. The rules for the program are detailed along with a long list of eligible websites, apps, and services. Fair game Facebook assets include
Orange Tsai works for Taiwan-based Devcore and published the full details of the hunt on a company blog. O.T. hacked into a Facebook staff server. Once inside, O.T. found a backdoor left by another hacker, along with code that could exploit
Orange Tsai reported the other hacker’s access when turning in his own bug report. After researching the reports, Facebook security engineer Reginaldo Silva discovered they already knew of the other hacker. That person is also part of their bug hunt program.
“We determined that the activity Orange detected was in fact from another researcher who participates in our bounty program. Neither of them were (sic) able to compromise other parts of our infrastructure, so the way we see it, it’s a double win: two competent researchers assessed the system, one of them reported what he found to us and got a good bounty, none of them were able to escalate access,” said Silva.
So Orange Tsai was paid for breaking into the Facebook server and also recognized for finding bug hunter tracks. In addition the money,
Editors' Recommendations
- Meta’s Facebook just reached another major milestone
- Reels are about to show up in yet another Facebook feature
- Intel enlists help of ‘elite hackers’ to exterminate bugs
- Sony’s revamped PlayStation bug bounty program offers cash rewards
- Facebook will now let users turn off political ads
