More companies are turning to bug bounty programs to find data privacy abuse




     More companies, mainly social media companies, may follow Facebook's lead in turning to bug bounty programs to scout out data privacy abuse on their platforms. In the aftermath of Facebook's Cambridge-Analytica scandal in March, the social media giant launched a Data Abuse Bounty Program in an attempt to crack down on data misuse by third-party app developers. The program was put to good use recently when a bounty hunter working through it spotted a popular Facebook app that was exposing the personal data of millions, including private information, friends, posts and photos. The approach extends the idea of crowdsourcing as a way to get work done.

     In March, Facebook announced that it was expanding its bug bounty program: "Facebook's bug bounty program will expand so that people can also report to us if they find misuses of data by app developers. We are beginning work on this and will have more details as we finalize the program updates in the coming weeks." Facebook stated that it hopes the program will incentivize anyone to report apps that collect user data and pass it off to malicious parties to be exploited. In an outline of its data abuse bug bounty program, Facebook says it is looking for any case where a third-party app currently or formerly operating on Facebook collected data from users and broke its data privacy policies. Facebook stated that if malicious apps were found, the application would be terminated from the platform.




     It's an interesting development as an extension to data use and privacy. The program seems to be succeeding in drawing in interested white hat hackers. One such white hat hacker, Inti De Ceukelaire, found that the data of 120 million users was exposed on a quiz app owned by Nametests.com. Ceukelaire noticed that the website would fetch his personal information and display it on the webpage, [nametests].com/appconfig_user. The data was then available for other sites to swipe. The researcher reported the flaw to Facebook's Data Abuse program on April 22, and the issue was fixed June 25. Facebook donated $8,000 to the Freedom of the Press Foundation as part of its Data Abuse Bounty Program.

     It's possible that this could be the start of a trend toward more policy-oriented bug bounties from social media platforms. The program makes a lot of sense: by expanding its bounty program to include data misuse by app developers, Facebook may have found a way to mobilize its community to self-police. We will have to see if this spurs new bug bounty participation, including from people less technical than the typical bug hunter. Researchers see the program extension as an emerging trend for other social media websites in the future, particularly as data privacy becomes a bigger issue.