Meta Bug Bounty

If you believe you have found a security vulnerability on Meta (or another member of the Meta family of companies), we encourage you to let us know right away.

Submit a report

Bug Bounty rewards

All listed amounts are without bonuses. With Hacker Plus, and any applicable bonuses, you can earn up to 30% of the original bounty amount on top of it!

We pay based on maximum security impact found internally, and our highest payouts reflect that.

Learn more

Total rewards for 2026

251940

Total rewards to date

26259081

$300K*

Mobile RCE

WhatsApp Private Processing

$130K*

Account
Takeover

$30K*

Quest Persistent full secure boot bypass

$20K*

2FA Bypass

$10K*

Contact point deanonymization

$5K*

Page admin disclosure

$500*

Minimum bounty

Please keep in mind that this graphic is only an overview with maximum payouts per category listed. For more details about rewards, see our payout guidelines. All payout values are in USD.

Program scope

To be eligible for a bounty, you can report a security bug in one or more of the following Meta technologies:

Facebook

Messenger

Instagram

Workplace

Meta Quest

Ray-Ban Stories

Meta AI

Open source

View scope examples

Our latest event

Transcript

MBBRC 2025 brought top researchers together in Tokyo, Japan. Want to be part of the next event? Join Meta Bug Bounty’s Hacker Plus program for a chance to qualify.

Learn more about Hacker Plus

Learn more

Payout guidelines

Hacker Plus benefits

Data abuse