Security researcher penalised $3750 by Facebook for verifying vulnerability(philippeharewood.com)
philippeharewood.com
Security researcher penalised $3750 by Facebook for verifying vulnerability
https://philippeharewood.com/bulletin-com-email-address-leak/
3 comments
Seems you did not disclose this over the Facebook Portal Smart Video Calling Touch Screen. Consider yourself lucky they did not deduct $7000 instead.
Hmm, so they reported it to FB & apparently had the vuln confirmed but then retested the vuln a couple of times at 12h & 22h after reporting/confirmation, with the implication that each time they were exposing other user's data...
Not too surprised they reduced the award, tbh...
Not too surprised they reduced the award, tbh...
Sucks but it goes against their bug bounty tos facebook.com/whitehat.
It's sorta bad to punish folks who have been helping secure the org for a while (in my opinion).
It's sorta bad to punish folks who have been helping secure the org for a while (in my opinion).