Instagram wants hackers to put its latest shopping feature to the test

The Facebook-owned company said it's inviting a select group of security researchers to stress test its Checkout feature before it expands it beyond the U.S.


The tool, which launched in March, lets users buy products directly on Instagram from a select range of brands, including Zara, H&M and Nike. Previously, users had to leave the Instagram app and buy the item from the retailer's website.


Instagram previously said payments on the Checkout feature are secure and processed in partnership with PayPal. Instagram has also said it doesn't share payment information with sellers, and it keeps financial information on secured servers.


The researchers, also known as white hat hackers, find vulnerabilities before a bad actor can, in order to protect users. In this case, they'll get early access to the worldwide feature and earn rewards for eligible reports. Those who qualify have previously submitted "high-quality" research to its bug bounty program.


In 2018, Facebook paid out over $1.1 million in rewards to researchers from over 100 countries who found and reported security vulnerabilities and data abuse. The typical award amount was about $1,500 last year.


This isn't the first time Instagram's parent company Facebook has invited white hat hackers to test a feature.


Facebook said it gave a select group of researchers early access to FB5, Facebook's redesigned look that it unveiled at its F8 developers conference earlier this year.


Philippe Harewood, one of the researchers who took part in the private program, found a bug in Facebook's new interface that could have let someone remove another person's profile photo. The company said Harewood's work allowed it to fix the issue before it rolled out FB5 around the world.


Facebook is also expanding its data abuse bug bounty program to Instagram, which is meant to seek out and remove apps that abuse its platforms. Researchers will now be able to report third-party apps that improperly access and store user information on Instagram.


Facebook started its bug bounty program in 2011. Last year, it launched another program focused on data abuse following revelations that Cambridge Analytica improperly harvested data from millions of users.


The data-abuse-focused program rewards people who report cases where a third-party app collects and transfers people's Facebook, and now Instagram, data to another party to be sold or used for scams and other purposes. Rewards can go up to $40,000 per case.


Other tech companies also offer bug bounty programs. Google paid out a total of $3.4 million in rewards in 2018 to researchers who found vulnerabilities. Earlier this month, Apple said it would offer hackers up to $1 million to hack an iPhone.