Facebook Offering Prepaid Cards to Benevolent Hackers
- In line with its “Bug Bounty Program”, Facebook carries on awarding hackers reporting security breaches. First, they were paid 500 dollars (or over, according to the criticality of the highlighted risk) and the most skilled ones can now be given a “White Hat” payment card.
- As a mark of gratitude, this customised Visa prepaid card enables its cardholder to pay for purchases or withdraw cash while setting off their expertise and Facebook’s recognition of their abilities.
- This possible profit had attracted a certain number of contributors and the social network claimed having given out 40,500 dollars for 81 breaches one month after the programme was launched. Also, it should be reminded the ISO 27001 standard includes hackers “ego” in its list of motivations and risk factors to be taken into account when implementing and maintaining an Information System.
- Facebook plans to propose other rewards to provide for the security of its platform and is not the only one to have opted for this approach (Google and Mozilla, for instance, also reward those helping them improve the security of their offers and platforms).
- Nevertheless, it should be reminded that penetrating an IS is illegal and only tolerated here by the network. Facebook explains that:
If [the hacker] give[s] [them] a reasonable time to respond to [his]
report before making any information public and make a good faith effort
to avoid privacy violations, destruction of data and interruption or
degradation of [their] service during [his] research, [they] will not
bring any lawsuit against [him] or ask law enforcement to investigate
[him].
- This highly pragmatic solution allows Facebook to make up for the detected breaches without spending too much on security and lower the risk of large scale fraud.