Advertisement
According to Facebook, researchers can earn up to $40,000 if they report an account hijacking flaw that does not require any user interaction, and $25,000 if minimum user interaction is required for the exploit to work.
The bounty applies to Facebook and other services owned by the company, including Instagram, WhatsApp and Oculus.
“By increasing the award for account takeover vulnerabilities and decreasing the technical overhead necessary to be eligible for bug bounty, we hope to encourage an even larger number of high quality submissions from our existing and new white hat researchers to help us secure over 2 billion users,” Facebook said.