Facebook expands bug bounty program to include ‘data misuse’

Facebook expands bug bounty program to include ‘data misuse’
© Getty Images

Facebook will expand its security flaw reporting program to allow users to report potential misuse of data by app developers, the company’s latest reaction to massive backlash over the Cambridge Analytica controversy. 

The so-called bug bounty program is designed to incentivize researchers to report security vulnerabilities on Facebook or any of its sister platforms so that the company can correct them. Researchers who successfully report security flaws are rewarded for their work.


Facebook said in a statement that it is expanding the program to apply to individuals who report data misuse by app creators. 

“Facebook’s bug bounty program will expand so that people can also report to us if they find misuses of data by app developers,” Ime Archibong, Facebook’s director of platform partnerships, said Monday. “We are beginning work on this and will have more details as we finalize the program updates in the coming weeks.” 

The decision is one prong of Facebook’s efforts to address mounting concerns about user data privacy after it was revealed that data firm Cambridge Analytica accessed information on 50 million Facebook users without their consent by exploiting a survey app and later used it to boost political campaigns. The data firm, which has ties to President TrumpDonald John TrumpTrump says inviting Russia to G7 'a question of common sense' Pentagon chief does not support invoking Insurrection Act Dershowitz: Does President Trump have power to declare martial law? MORE’s 2016 campaign, has said it did nothing improper. 

Facebook CEO Mark ZuckerbergMark Elliot ZuckerbergOn The Money: Protests highlight COVID-19's economic toll on African Americans | Senate confirms Trump watchdog for coronavirus funds | USTR launches probes into countries' digital taxes Hillicon Valley: Zuckerberg on the defensive over Trump posts | Twitter labels another lawmaker's tweet | USTR opens probe into digital taxes Two Facebook software engineers quit over Trump posts MORE has sought to stem the controversy with public apologies, saying that the company will take steps to better protect user data and limit the amount of data that apps can collect.

Meanwhile, Zuckerberg faces mounting pressure to testify before Congress on the matter.

Archibong noted Tuesday that Facebook is investigating all apps that had access to large droves of data before the company made changes to its platform in 2014 to reduce data access. The company will also inform people when apps are removed due to data misuse, he said.

“If we find developers that misused personally identifiable information, we will ban them from our platform,” Archibong said, adding that the changes are intended to “help mitigate any breach of trust with the broader developer ecosystem.”