SecurityWeek reports that Facebook parent firm Meta has expanded its bug bounty program to include rewards for flaws that could be abuse to evade Facebook integrity checks, including two-factor authentication for some business manager accounts, as well as the platform's feature restrictions and application verification processes.
Meta will be awarding up to $2,000 to researchers determining endpoints that could be bypassed by Business Manager 2FA prompts, while rewards of up to $20,000 and up to $15,000 could be given to researchers identifying issues enabling the creation of "an arbitrary amount of prepaid balance without using a valid payment method," and the omission of "an arbitrary outstanding balance without a valid payment," respectively, according to Meta.
Researchers could also be given up to $20,000 for discovering techniques for ad revenue generation through fake impressions. Meanwhile, up to $10,000 could be awarded to those who could identify novel highly scalable and exploitable attack vectors.