Meta is increasing its bug bounty program to reward researchers who report information scraping. The change will permit researchers to report each bugs that would allow scraping exercise, in addition to beforehand scraped information that has already been printed on-line.

In a weblog put up, Meta says it believes it’s the first to launch a bug bounty program to particularly goal scraping exercise. “We’re looking to find vulnerabilities that enable attackers to bypass scraping limitations to access data at greater scale than what we initially intended,” Security Engineering Manager Dan Gurfinkle advised studies throughout a briefing.

Data scraping is totally different than different “malicious” exercise Meta tracks because it makes use of automated instruments to mass-collect private info from customers’ profiles, similar to e-mail addresses, telephone numbers, profile pictures and different particulars. Even although customers typically willingly share this info on their public Facebook profiles, scrapers can expose these particulars extra broadly, similar to publishing the data in searchable databases.

It will also be troublesome for Meta to fight this exercise. For instance, in April the non-public info of greater than Facebook customers was printed on a discussion board. In that case, the precise information scraping had occurred years prior, and the corporate had already addressed the underlying flaw. But there was little it might do as soon as the info began circulating on-line. In some instances, the corporate has people for information scraping.

Under the brand new bug bounty program, researchers will probably be rewarded for locating “unprotected or openly public databases containing at least 100,000 unique Facebook user records with PII [personally identifiable information] or sensitive data (e.g. email, phone number, physical address, religious or political affiliation).” Instead of its ordinary payouts although, Meta says it’s going to donate to a charity chosen by the researcher so as to not incentivize the publishing of scraped information.

For studies of bugs that may result in information scraping, researchers can select between a donation or a direct payout. Meta says every bug or dataset is eligible for at the very least a $500 award.