Facebook Bug Bounty

Are you an ethical hacker looking for a challenge? If so, the Facebook Bug Bounty Program might be just what you’re looking for. Launched in 2011, the program provides an opportunity to discover and responsibly disclose bugs and vulnerabilities related to Facebook’s products, potentially earning recognition and rewards while helping keep Facebook—and its users—safe.

Program Overview










Minimum Reward


Maximum Reward


Average Payout


Total Payouts

$14 million



To be eligible for a bounty, you can report a security bug in one or more of the following Meta technologies and programs:

  • Facebook
  • Messenger
  • Instagram
  • WhatsApp
  • Quest
  • Workplace
  • Portal
  • Internet.org / Free Basics
  • Express Wi-Fi
  • Ray-Ban Stories
  • Open-source projects by Meta

For more information, please visit https://www.facebook.com/whitehat.

Frequently Asked Questions

Does Facebook have a bug bounty program?

It certainly does! Facebook launched its bug bounty program in 2011 to reward security researchers for finding and reporting any potential vulnerabilities related to the service. This approach allows Facebook to proactively identify problems before malicious actors exploit them, ensuring the company’s services remain secure. For more information on Facebook’s Bug Bounty Program, please visit https://www.facebook.com/whitehat.

How much does Facebook pay for bug bounties?

The amount of payment awarded depends on the severity of the issue reported. Awards range from $500 up to $80,000, depending on the significance of the security vulnerability you identify. Bug bounty hunting is no small feat and can be very lucrative for those willing to do the hard work!