Bug hunting turns ugly as researcher gets in a spat with Facebook
By Ian Chee - on 19 Dec 2015, 9:00am

Bug hunting under the bug bounty programs offered by tech companies has been a relatively straightforward affair, at least to those of us outside the scene. On the inside, though, things can be more confusing than the Wonderland Alice found herself in, as a recent spat between a bug hunter and Facebook reveals.

Wes Wineberg was going about his usual bug hunting when he discovered and disclosed to Facebook some issues with Instagram on October 21. Wineberg says that he and Facebook’s security team had their usual exchange for a while when suddenly Alex Stamos, Facebook’s CSO, contacted Wineberg’s contract employer, referencing legal and criminal actions.

Long story short, Alex Stamos says that Wes Wineberg went too deep into the rabbit hole and, in exposing vulnerabilities, also gained access to private information, which voids the bug bounty. Stamos maintains that Facebook will not change this stance, so as not to set a precedent for other bug hunters to go further than they need to, to the extent of accessing private information. Wineberg, on the other hand, says he did everything by the book, and is frustrated that not only was he not awarded the bounty for the bug, he was also intimidated with references to legal and criminal actions over his bug report.

The flow of events as described by security researcher Wes Wineberg. Image source: EXFiLTRATED.

You can read the accounts of both Wineberg and Stamos themselves for a more in-depth understanding of the entire matter.

Source: EXFiLTRATED, Facebook via Forbes.