Monday 7 April 2014

Hackers discover Facebook's biggest holes

Russia and Brazil are hacking Facebook, and the social network is paying them to do it.
Facebook paid out $US1.5 million to security researchers worldwide last year as part of its Bug Bounty program, and the two emerging markets were responsible for reporting some of the most critical threats, according to a report Facebook released this week.

The company rewards disclosures about vulnerabilities, and then uses the information to fortify the world's largest social network against hackers.
Russians submitted 38 bugs, for which Facebook paid $US3961 each on average, totalling $US150,518. Brazilians found 53 bugs, worth $US3792 on average. Brazil's total take was $US200,976.

Researchers in India contributed the largest number of bugs, at 136, but earned just $US1353 on average for each of them, amounting to a total of $US184,008. Those in the US earned an average of $US2272 each for 92 bugs, totalling $US209,024.

Facebook ranks the severity of bugs by how much harm they could inflict on individual users and on the network as a whole. The more serious a weakness, the higher the payout. While hackers in Russia and Brazil are finding and disclosing fewer bugs to Facebook than those in India and the US, those bugs tend to present a more serious danger.

Such bug bounty programs are a popular way for technology companies like Google, Firefox maker Mozilla and Hewlett-Packard to secure their services. These programs are simpler than hiring security auditors and cheaper than dealing with the consequences of a breach.

Collin Greene, a security engineer at Facebook, wrote in a blog post that the company received nearly 15,000 submissions last year, more than triple the number in 2012. Just 687 of these were deemed valid, and of these, 6 per cent were classified as high severity. The company took about six hours to push an initial fix for each vulnerability, according to Greene.


"The volume of high-severity problems is down, and we're hearing from researchers that it's harder to seek out sensible bugs," Greene wrote. "To encourage the most effective analysis within the most beneficial areas, we're going to continue increasing our reward amounts for high-priority problems."
