Sep 11 7:45 PM

Big business for bug bounty hunters

When a large tech company like Facebook extends the challenge of detecting security flaws in its software to the legions of ethical hackers outside the company, bug hunting can become a lucrative side job.

Jack Whitton helped Facebook find a vulnerability that could have breached millions of Facebook users’ accounts and got paid $20,000 -- the biggest bounty Facebook has ever paid to a single recipient.

The 22-year-old does “bug” hunting as a hobby after a long day’s work as a software engineer for a UK broadband company.

“If I sold the vulnerability to someone, I would have received a lot more for it, but I’m doing a service,” Whitton told “Real Money with Ali Velshi” in an interview.

Facebook started its Bug Bounty Program over two years ago. It reported on its Bug Bounty Facebook page that it has paid out over $1 million in bounties. So far, 329 people have been rewarded. Among them are professional researchers, students and part-time workers.

Facebook wrote on its Bug Bounty Program page that its security engineer, Collin Green, “cannot wait to pay out the next million.” The countries with the most bounty recipients include, in order, the U.S., India, the UK, Turkey and Germany.

In just a few hours, Whitton uncovered a vulnerability that made him a top bounty recipient. For a Facebook user, playing around on the site pays off.

“When you link to Facebook with your mobile phone, it asks which user you are, and you have the option of saying whether you are someone else, and I alerted Facebook of that vulnerability,” Whitton shared.

Facebook acknowledges that it can’t fight security threats on its own. “After all, no matter how much we invest in security -- and we invest a lot -- we'll never have all the world's smartest people on our team and we'll never be able to think of all the different ways a system as complex as ours might be vulnerable,” Facebook writes on its Bug Bounty program page.

Whitton agrees. “It gives people the option of doing the right thing and giving it to the company and it not being used maliciously,” Whitton said.

The software engineer says he has found security vulnerabilities for Facebook, PayPal, Google, Etsy, eBay, Netflix, and Mozilla. Facebook even publicly acknowledged him in a thank-you post on its Bug Bounty page.
