Facebook pays $40,000 to hackers to expose bugs

The company said it paid $5,000 to one user who identified an especially serious bug. Another user who exposed six separate flaws received $7,000. The minimum payment is $500.

Facebook said it also had to deal with a number of bogus reports from people seeking publicity.

"We are one of the first companies to clearly lay out our policy in order to make those who discover vulnerabilities more comfortable in reporting, and we are happy to see that other organizations are adopting a similar stance," the social networking site said in a statement.

"The program has also been great because it has made our site more secure — by surfacing issues large and small, introducing us to novel attack vectors, and helping us improve lots of corners in our code."

The company said it would be impractical to expand the program to identifying bugs in third-party applications on the site.