Popular social media platform Facebook has paid out a record bug bounty, according to Wired.
Things haven't been exactly bright for the company where security and privacy are concerned. However, they can boast that their bug bounty program, launched in 2011, has been very successful.
Bounties are programs which allow researchers to find and report potential flaws or vulnerabilities in a company's software. Anyone can send such a report and, more often than not, receive a financial reward for pointing out a significant threat.
Facebook's program, in particular, is one of the oldest and most rewarding. The company has paid out over $7.5 million in bounties since 2011 and forked out $1.1 million in 2018. According to Wired, they paid out their biggest one yet this year.
Bounties in 2018 are said to have earned researchers around $1,500 on average. However, one of their top contributors raked in a whopping $50,000 after discovering a flaw in Facebook's developer subscription mechanism for notifications on various user activities.
The researcher found that, depending on the circumstances, a user or attacker could have manipulated the subscriptions to receive unauthorized updates about other users' activity, such as likes or comments on a certain post.
The discovery prompted Facebook's biggest bounty - by a significant margin - because it led to further discoveries relating to a bevy of other exposures which could have been exploited.
"It is not uncommon for us to receive reports about high or critical bugs from researchers," Dan Gurfinkel, Facebook's security engineering manager, said. "The September security incident involved a case of three different bugs interacting with one another. Among other lessons, it served as a reminder that it's important to get as many eyes as we can to evaluate and test our code.
"The bug bounty program is an important part of this work, and that's why we continue to develop new ways to engage researchers."
Facebook gets huge kudos for their program, which has fattened a few pockets while making the platform safer. But the area needing the biggest breakthrough is user trust.