After a massive failure by the social media giant, the company has decided to launch a data abuse bounty program that asks its users to help it find companies using unauthorized data.
In his first-ever US congressional appearance, the Facebook founder and chief executive sought to quell the storm over privacy and security lapses at the social network that have angered lawmakers and Facebook’s two billion users.
Swapping his customary tee-shirt for a business suit and tie, Zuckerberg faced tough questions over how a US-British political research firm, Cambridge Analytica, plundered detailed personal data on 87 million users to be used in the 2016 US presidential election.
“It was my mistake, and I’m sorry,” Zuckerberg said in prepared testimony. “I started Facebook, I run it, and I’m responsible for what happens here.”
Facebook will pay from $500 to upward of $40,000 for substantiated cases. Only Facebook is included in the program at this time, not other platforms like Instagram.
“It will help us find the cases of data abuse not tied to security vulnerability. … This will cover both hemispheres, and help surface more cases like Cambridge Analytica so we can know about it first and take action,” Facebook’s chief security officer, Alex Stamos, told CNBC.
The company currently has 10 people on the bug bounty team, but plans to hire more people and involve other teams in order to investigate substantiated claims.
To be eligible, a case must involve at least 10,000 Facebook users, show how data was abused (not just collected) and concern an issue Facebook was not already aware of. Companies that scrape data, anyone who uses malware to get people to install apps, social engineering projects and non-Facebook cases on its other platforms like Instagram are not eligible. Facebook is open to expanding the program down the road.
The data abuse bounty program is based on its current bug bounty program, which pays people who find security flaws on its platforms. Facebook pays out more than $1 million a year on average in bug bounties, executives said.