Security researcher penalised $3750 by Facebook for verifying vulnerability

Security researcher penalised $3750 by Facebook for verifying vulnerability(philippeharewood.com)

46 points by kailanb 4 years ago | 3 comments

executive 4 years ago |

Seems you did not disclose this over the Facebook Portal Smart Video Calling Touch Screen. Consider yourself lucky they did not deduct $7000 instead.

some_chap 4 years ago |

Hmm, so they reported it to FB & apparently had the vuln confirmed but then retested the vuln a couple of times at 12h & 22h after reporting/confirmation, with the implication that each time they were exposing other user's data...

Not too surprised they reduced the award, tbh...

1B05H1N 4 years ago |

Sucks but it goes against their bug bounty tos facebook.com/whitehat.

It's sorta bad to punish folks who have been helping secure the org for a while (in my opinion).