Who's keeping your data safe? With bug bounties, it's would-be hackers

When hackers find a security exploit in Facebook, they receive a “White Hat” debit card loaded with reward money. Vignesh Kumar/Flickr
Companies need all the help they can get to stay one step ahead of the next big security vulnerability, and sometimes that means relying on outside forces.

Bug bounties elicit security help and advice from independent hackers and security researchers, usually in exchange for a cash reward. The hacker scours the site and discloses the vulnerability to the company, the company patches it, and the hacker pockets some money. Bug bounty programs have been around for a long time, but in recent years they’ve become much more common.

Facebook has paid out millions in rewards to bug hunters over the years. Earlier this year, Anand Prakash, a security engineer from India, discovered and disclosed a major bug that would have allowed him to potentially access any account. He found that it was possible to make an infinite number of PIN attempts upon resetting an account if you’re using beta.facebook.com, the developer site for new features not yet rolled out to the masses.

“In-house testing does not compare with using the crowd, via bug bounties, in terms of effectiveness.”

“I was able to view messages, his credit/debit cards stored under payment section, personal photos and more,” he said. The discovery (which was promptly fixed) netted him $15,000, and there’s no evidence that the vulnerability was ever used by malicious attackers.

The bug itself was quite simple but had severe implications, and it somehow went undetected by Facebook’s own teams. After all, security pros are still only human, and a second opinion can make a huge difference. That is why we’ve seen a bloom in bug bounty programs from major players like Facebook, as well as platforms that connect hackers with companies, like HackerOne and Bugcrowd.
