Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Emrakul from Facebook Security contacted me asking if Facebook can contact the author of a news article and have him change the reward amount from $1,500 to $15,000. I responded by saying that the reward that I was given for this exploit was $1,500. 9 days later I got a response claiming that it was a mistake.
- The email that was sent, came from the same Facebook Email Address assigned for this bug report.
- Facebook (July 16th):
- ------------------------
- Hi Dan,
- Is it okay if we reach out to the author of http://www.csoonline.com/article/736490/facebook-fixes-critical-flaw-cites-as-example-of-bounty-s-success and let him know the amount was $15,000?
- Thanks,
- Emrakul
- Security
- Facebook
- -------------------------
- Me (July 16th):
- -------------------------
- When the vulnerability was patched, I was told by the Facebook security team that the reward was $1,500 and that was the amount that I received in my debit card.
- I wrote about the reward on my twitter feed
- https://twitter.com/thedanmelamed
- And this news site also mentioned the amount
- http://grahamcluley.com/2013/07/facebook-vulnerability/
- -------------------------
- Facebook (July 25th):
- -------------------------
- Hi Dan,
- Haha once again this is the most confusing issue of all time for some reason. Sorry I had this confused with a different issue. I hope you send in more issues and someday soon we can pay you 15k however!
- Thanks,
- Emrakul
- Security
- Facebook
- -------------------------
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement