Facebook is offering a bounty to anyone who discovers rule-violating use of data by developers on the platform, paying from $500 to upward of $40,000 for substantiated cases.
The new offer is similar to a previous bug-busting bounty and is, the social network says, the first such reward in the industry. Only Facebook is included in the program at this time, not other platforms like Instagram.
Cases that are brought to Facebook’s attention and submitted with evidence will be vetted by its bug and data abuse bounty team.
The company will investigate the report and decide what action to take. Possible scenarios include shutting down the app, suing the data leaker or conducting an onsite audit of the company selling or buying unauthorized data.
The company currently has 10 people on the bug bounty team, but plans to hire more people and involve other teams in order to investigate substantiated claims.
To be eligible, a case must involve at least 10,000 Facebook users and show how data was abused (not just collected), and Facebook must not have been aware of that specific issue before.
Companies that scrape data, anyone who uses malware to get people to install apps, social engineering projects and non-Facebook cases on its other platforms like Instagram are not eligible. Facebook is open to expanding the program down the road.
Facebook first announced its intention to launch a data abuse bounty program in late March in response to the Cambridge Analytica data leak scandal, in which it was revealed that the analytics firm collected data on up to 87 million Facebook users without their explicit consent.