Facebook just made the company’s largest payout ever to a security researcher who discovered a bug so large he could’ve hijacked an entire network server.
According to ZDNet, Facebook paid Brazilian computer engineer Reginaldo Silva $33,500 for reporting a major bug to Facebook. Silva has been testing the type of bug he eventually found on Facebook since 2012, earning a much-smaller $500 bounty from Google after he found a related security issue by running a code on one of their servers. Silva detailed how he discovered the Google bug and moved on to discover the much-larger Facebook bug in a blog post. Although he’d been testing this particular type of bug for years, he’d only discovered how it applied to Facebook and worked on the problem for two days before he hacked the system and reported the problem.
Facebook addressed the bug and the bounty they paid Silva yesterday with a post by the Facebook Bug Bounty team, which awards money to white-hat hackers who tell the social network about vulnerabilities they’ve discovered.
Many Facebook users commented on the post, expressing disappointment at Facebook’s payment rate, which they felt to be too low. But hopefully the publicity will help Silva get hired at another large tech company (or Facebook itself).
And Silva isn’t giving up his quest to rid Facebook of bugs. “This is not my first security bug submitted to them, and it certainly won’t be the last. My goal is to keep finding high-impact security flaws,” he told Digital Trends via email.
- Intel opens bug hunt to all security researchers, offers possible $250K payout
- Facebook apologizes after a glitch saved discarded webcam videos
- How Google’s ‘Project Zero’ task force races hackers to snuff out bugs
- Microsoft will pay you up to $250,000 to find Spectre-like flaws
- A New York Times reporter downloaded his Facebook data – and was terrified