Facebook gets a lot of well-deserved flak for its data and privacy failings. However, its bug bounty program — which pays independent researchers to discover flaws in the platform — has always been a bright spot. And in 2019, it was more successful than ever, with the largest number of accepted bugs since the program launched nine years ago. And some of those flaws have been big ones. According to a recent report in WIRED, researchers from Indiana University uncovered an issue that affected 9.5 million users.

According to the team, they found that third-party software development kits were taking data from users, including their names and email addresses.

“We are always looking for the real-world security and privacy problems, and after the Cambridge Analytica stuff, that was our motivation: to look at whether bad guys can harvest data from Facebook and third parties,” Indiana University researcher Luyi Xing said. “And we found that Facebook data and data from other services are prime targets of malicious attacks.”

For its part, Facebook said it was thankful for the researchers’ efforts, and that their success is proof that the bug bounty program is working.

In a perfect world, Facebook would be able to catch all of these flaws itself. But at least there are good actors out there looking out for the company’s security — and all of ours, too.

Recommended Resources

The Choice of Tech Experts Worldwide. Try 90 days free of Bitdefender 2020 and experience the highest level of digital safety.

Private Internet Access is an award-winning, cost-effective VPN solution. The use of an anonymous and trusted VPN is essential to your online privacy, security and identity protection.

System Mechanic 14 – Make your computer run like new. Winner of 200+ Editor’s Choice awards!