Facebookis announcing two updates to further strengthen Instagram’s security and help protect people who use the platform. First is expanding its Data Abuse Bounty program to include Instagram; second is introducing an invite-only bug bounty program forCheckout on Instagrambefore it expands beyond the US.
Last April, Facebook launched the Data Abuse Bounty programto help identify potential violations of the platform’s policies and reward people who report misuse of Facebook data by app developers. Now the program is expanding to Instagram.
The goal is to help protect the information people share on Instagram and encourage security researchers to report potential abuse so action can quickly be taken. Just like the bug bounty program, reports will be rewarded based on impact and quality.
Since the Data Abuse Bounty is the first of its kind, Facebook continues to welcome feedback on how to help the program improve and grow. If you are interested in joining the program, please review the updated terms here: https://www.facebook.com/data-abuse.
The second update is for Checkout on Instagram, whichallows people to purchase products directly on Instagram without leaving the app and is currently only available in the US. To continue to ensure this feature’s security as it expands globally, a select group of security researchers has been invited to stress test it.
As part of their participation, the researchers will receive early access to the feature and receive bounty awards for eligible reports. The researchers who are helping test this feature have previously submitted high-quality research to the bug bounty program.
Since launching the bug bounty program in 2011, Facebook has worked with the security researcher community to help identify and fix potential issues in products and services. This program is one of the longest-running in the industry and has received thousands of bug bounty reports from researchers around the world.
Facebook is exploring other opportunities to tap into the expertise of researchers who consistently submit high-quality research to the bug bounty program and invites them to test new features prior to launch. If you would like to be considered for these opportunities, please continue sharing high-quality and high-impact reports.