Facebook’s 2014 Bug Bounty Program Awarded $1.3M

Facebook paid $1.3 million to 321 hackers worldwide last year who helped spot security flaws in the social network's software.

"Every year we are surprised by what we learn from the security community, and 2014 was no exception," Collin Greene, Facebook's security engineer, wrote in a blog post Wednesday morning.

Started in 2011, Facebook's "bug bounty" program awards money to people who report security gaps to the company.

There were 17,011 reports submitted to Facebook's bug bounty program in 2014, an increase of 16 percent compared to 2013. There were also more severe security gaps reported to the social network last year, according to the blog post.

That includes flaws that would allow hackers to upload content in Facebook's and Instagram servers, view a user's private messages and post on their timelines.

Researchers in India reported the highest number of bugs followed by Egypt, the United States, the United Kingdom and the Philippines.

The average payout in the United States was $2,470, and 61 bugs were reported. Worldwide, the average payout was $1,788.

The minimum award from Facebook for spotting a security bug is $500 and there is no limit on how high an award can go.

The largest bounty in 2014 was $30,000, which was paid to someone in Lithuania, according to Facebook. Since Facebook started its bug bounty program in 2011, the social network has paid out more than $3 million.

The program continues to grow. There have already been more than 100 reports of security flaws submitted to the social network this year.

Other companies such as Google and Yahoo also have bug bounty programs. But a 2014 report by the RAND corporation also noted that the black market for consumer data is growing and can be more profitable than the illegal drug trade.

Comments are closed.