Summary

  • A Facebook user has detailed how they discovered a privacy flaw on the platform that allowed users to see other page users' RSVP status for a public event.
  • The user was ultimately paid $1000 by Facebook after reporting the flaw, which has now been fixed.
  • The issue was that if a user chose to decline an invitation to a public event, this rejection could be seen by all other attendees, even if they were on a different list than the creator of the event.
  • Facebook’s bug bounty program has been running since 2011, and in 2019 the company paid out over $1 million to developers who discovered and reported flaws on the site.
  • This is a win-win situation for both developers and Facebook: the company gets to strengthen its security, while the developer is financially rewarded for their expertise.

By Vivek PS
