White hats get debit cards for Facebook bugs

Anyone who watches the news or follows the tech press knows the number of security flaws plaguing software and devices of all sorts continues to increase at an alarming rate. 

There are numerous “security researchers” out there who probe for vulnerabilities and execute hacks under the “white hat” banner. These researchers say they are trying to make things safer for end-users.

However, white hats often alert the public before the company in question – leaving users vulnerable to attacks using the flaws before they are patched.

Of course, there are numerous companies out there that will pay white hats to alert them to any security issues they find, including Facebook.

The catch with Facebook? To be paid, white hats can’t go public with the flaw or bug they find until the social networking site patches it. Each of the security issues a hacker finds is worth a minimum of $500. There is no maximum paid out for issues found and presumably, the amount paid out will vary according to how severe Facebook deems the issue the hacker finds.


Facebook pays the white hat hackers using a VISA debit card that it mails out when they find a flaw. The cards say White Hat Bug Bounty Program on the front. Once the card comes in the hackers can use the card to pay for items anywhere VISA is accepted, or they can set up a PIN number and withdraw cash from an ATM machine. The cool part is that if the hacker finds more flaws in the future, Facebook can just add funds to the same card.

CNET reports that the largest single payment for finding a bug so far has been $2,500. 

However, the individual who found identified that particular bug declined the cash bounty and asked that Facebook donate the funds to charity after matching them. Facebook matched the $2,500 and made the donation. There have been 81 researchers paid so far.