Meta
Meta
FacebookInstagramXYouTube
Meta Bug Bounty
Meta Bug Bounty overviewLeaderboardsProgram scopeProgram termsHacker Plus benefitsHacker Plus terms
Program tools
SSRF validatorTest accountsFBDLAccess token debuggerGraph API explorer
Payout guidelines
Payout guidelines overviewMobile remote code executionAccount take-overMeta hardware devicesServer side request forgery (SSRF)Platform privacy assertions2FA bypassContact point deanonymizationPage admin disclosureCross-site leaks
Data Abuse program
Data Abuse program overviewData Abuse termsReport abuseManage reports
Site terms and policies
Privacy policyTermsCookie policy
Meta Bug Bounty
Meta Bug Bounty overview
Leaderboards
Program scope
Program terms
Hacker Plus benefits
Hacker Plus terms
Program tools
SSRF validator
Test accounts
FBDL
Access token debugger
Graph API explorer
Payout guidelines
Payout guidelines overview
Mobile remote code execution
Account take-over
Meta hardware devices
Server side request forgery (SSRF)
Platform privacy assertions
2FA bypass
Contact point deanonymization
Page admin disclosure
Cross-site leaks
Data Abuse program
Data Abuse program overview
Data Abuse terms
Report abuse
Manage reports
Site terms and policies
Privacy policy
Terms
Cookie policy
Meta Bug Bounty
Meta Bug Bounty overview
Leaderboards
Program scope
Program terms
Hacker Plus benefits
Hacker Plus terms
Program tools
SSRF validator
Test accounts
FBDL
Access token debugger
Graph API explorer
Data Abuse program
Data Abuse program overview
Data Abuse terms
Report abuse
Manage reports
Payout guidelines
Payout guidelines overview
Mobile remote code execution
Account take-over
Meta hardware devices
Server side request forgery (SSRF)
Platform privacy assertions
2FA bypass
Contact point deanonymization
Page admin disclosure
Cross-site leaks
Site terms and policies
Privacy policy
Terms
Cookie policy
Meta Bug Bounty
Meta Bug Bounty overview
Leaderboards
Program scope
Program terms
Hacker Plus benefits
Hacker Plus terms
Program tools
SSRF validator
Test accounts
FBDL
Access token debugger
Graph API explorer
Payout guidelines
Payout guidelines overview
Mobile remote code execution
Account take-over
Meta hardware devices
Server side request forgery (SSRF)
Platform privacy assertions
2FA bypass
Contact point deanonymization
Page admin disclosure
Cross-site leaks
Data Abuse program
Data Abuse program overview
Data Abuse terms
Report abuse
Manage reports
Site terms and policies
Privacy policy
Terms
Cookie policy
Legal
* All payout amounts are in USD

©2024 Meta.

Meta Logo

Meta Bug Bounty

If you believe you have found a security vulnerability on Meta (or another member of the Meta family of companies), we encourage you to let us know right away.

Submit a report

Bug Bounty rewards

All listed amounts are without bonuses. With Hacker Plus, and any applicable bonuses, you can earn up to 30% of the original bounty amount on top of it!

We pay based on maximum security impact found internally, and our highest payouts reflect that.

Learn more
Total rewards for 2025
$0
2192008
Total rewards to date
$0
23335878
$500
Minimum bounty
$10k
Contact point deanonymization
$30k
Quest Persistent full secure boot bypass
$300k
Mobile RCE
$5k
Page admin disclosure
$20k
2FA Bypass
$130k
Account Takeover

Please keep in mind that this graphic is only an overview with maximum payouts per category listed. For more details about rewards, see our payout guidelines. All payout values are in USD.

Program scope

To be eligible for a bounty, you can report a security bug in one or more of the following Meta technologies:

Facebook
Messenger
Instagram
WhatsApp
Workplace
Meta Quest
Ray-Ban Stories
Meta AI
Open source
View scope examples

Our latest event

Meta Bug Bounty Researcher Conference (MBBRC) 2024 hosted in Johannesburg, South Africa. You can be here too by participating in Meta Bug Bounty’s Hacker Plus loyalty program.

Learn more about Hacker Plus

Learn more

Payout guidelines
Hacker Plus benefits
Data abuse
Skip to main content
Meta
Meta Bug Bounty
Tools
Leaderboard
Learn
Submit a report