Meta
Meta
FacebookInstagramXYouTube
Meta Bug Bounty
Meta Bug Bounty overviewLeaderboardsProgram scopeProgram termsHacker Plus benefitsHacker Plus terms
Program tools
SSRF validatorTest accountsFBDLAccess token debuggerGraph API explorer
Payout guidelines
Payout guidelines overviewMobile remote code executionAccount take-overMeta hardware devicesServer side request forgery (SSRF)Platform privacy assertions2FA bypassContact point deanonymizationPage admin disclosureCross-site leaks
Data Abuse program
Data Abuse program overviewData Abuse termsReport abuseManage reports
Site terms and policies
Privacy policyTermsCookie policy
Meta Bug Bounty
Meta Bug Bounty overview
Leaderboards
Program scope
Program terms
Hacker Plus benefits
Hacker Plus terms
Program tools
SSRF validator
Test accounts
FBDL
Access token debugger
Graph API explorer
Payout guidelines
Payout guidelines overview
Mobile remote code execution
Account take-over
Meta hardware devices
Server side request forgery (SSRF)
Platform privacy assertions
2FA bypass
Contact point deanonymization
Page admin disclosure
Cross-site leaks
Data Abuse program
Data Abuse program overview
Data Abuse terms
Report abuse
Manage reports
Site terms and policies
Privacy policy
Terms
Cookie policy
Meta Bug Bounty
Meta Bug Bounty overview
Leaderboards
Program scope
Program terms
Hacker Plus benefits
Hacker Plus terms
Program tools
SSRF validator
Test accounts
FBDL
Access token debugger
Graph API explorer
Data Abuse program
Data Abuse program overview
Data Abuse terms
Report abuse
Manage reports
Payout guidelines
Payout guidelines overview
Mobile remote code execution
Account take-over
Meta hardware devices
Server side request forgery (SSRF)
Platform privacy assertions
2FA bypass
Contact point deanonymization
Page admin disclosure
Cross-site leaks
Site terms and policies
Privacy policy
Terms
Cookie policy
Meta Bug Bounty
Meta Bug Bounty overview
Leaderboards
Program scope
Program terms
Hacker Plus benefits
Hacker Plus terms
Program tools
SSRF validator
Test accounts
FBDL
Access token debugger
Graph API explorer
Payout guidelines
Payout guidelines overview
Mobile remote code execution
Account take-over
Meta hardware devices
Server side request forgery (SSRF)
Platform privacy assertions
2FA bypass
Contact point deanonymization
Page admin disclosure
Cross-site leaks
Data Abuse program
Data Abuse program overview
Data Abuse terms
Report abuse
Manage reports
Site terms and policies
Privacy policy
Terms
Cookie policy
Legal
* All payout amounts are in USD

©2025 Meta.

Hacker Plus

This program was made with you in mind. We want to reward your efforts in helping make Meta apps and services more secure. The Hacker Plus loyalty program is offered by Meta Bug Bounty, see scope and terms.

See the leaderboard

Rewards

By participating in Meta Bug Bounty and identifying verified security vulnerabilities in Meta technologies, you can potentially earn:
Multiplier bonuses on top of standard bounty award payouts
VIP perks (including paid travel and accommodation) to our annual hacker events
Expanded access to private bounties for unreleased products and features
Cool swag†
Ultimate bragging rights as you reach the top and earn badges for your researcher profile

Leagues

Submit high impact bugs to Meta Bug Bounty and get automatically placed into a Hacker Plus league. The higher the league you're in, the more rewards you may earn. Placement into higher tier leagues requires meeting additional criteria. Below is a summary of league qualification criteria and rewards that are potentially associated with each league.

For more information about participation and rewards, including approximate retail values, please visit the Meta Hacker Plus program Terms and conditions.

Meta Bug Bounty Hacker Plus Diamond Badge — honors the highest-performing security researchers with exceptional impact and long-term contributions.
Diamond
Qualifying criteria
Score > 3000
SNR > 0.6
Valid bugs >= 10
Multiplier bonus
20%
Expanded access to private bounties
Yes
Swag†
Trips & events
- Live hacking events
- Vegas DEFCON
Leaderboard
rank 1 diamond leage
RyotaK
rank 2 diamond leage
Marcos Ferreira
rank 3 diamond leage
Lokesh Kumar
View all
Meta Bug Bounty Hacker Plus Platinum Badge — awarded to top contributors with a strong track record of high-quality vulnerability reports.
Platinum
Qualifying criteria
Score > 2000
SNR > 0.5
Valid bugs >= 7
Multiplier bonus
15%
Expanded access to private bounties
Yes
Swag†
Trips & events
- Live hacking events
- Vegas DEFCON**
Leaderboard
rank 1 platinum leage
Muhammed Althaf AS
rank 2 platinum leage
Renato Amaral
rank 3 platinum leage
Neeraj Sharma
View all
Meta Bug Bounty Hacker Plus Gold Badge — earned by consistently high-performing researchers who submit impactful, valid reports.
Gold
Qualifying criteria
Score > 1000
SNR > 0.4
Valid bugs >= 5
Multiplier bonus
10%
Expanded access to private bounties
Yes
Swag†
Trips & events
Live hacking events**
Leaderboard
rank 1 platinum leage
Dipesh Bohora
rank 2 platinum leage
Bassem M Bazzoun
rank 3 platinum leage
Sandeep Hodkasia
View all
Meta Bug Bounty Hacker Plus Silver Badge — given to researchers with a growing number of valid submissions and active program participation.
Silver
Qualifying criteria
Score > 500
SNR > 0.3
Valid bugs >= 3
Multiplier bonus
7.5%
Swag†
Meta Bug Bounty Hacker Plus Bronze Badge — recognizes new participants who have started contributing valid vulnerability reports.
Bronze
Qualifying criteria
Score > 200
SNR > 0.2
Valid Bugs >= 1
Multiplier bonus
5%

**Eligible for consideration based on Meta discretion
†Customized based on your league

FAQs

Who can participate?
Researchers who submit at least one valid vulnerability report and received a payout according to the Meta Bug Bounty terms and conditions are eligible to participate in the Hacker Plus program.

Other eligibility criteria includes:

  1. Participants must not be subject to US trade sanctions and/or economic restrictions.
  2. Participants under the age of majority in their own country must be accompanied by a parent or legal guardian for certain rewards (e.g. travel and event participation).

Rewards and participation are subject to program terms and conditions.
How do I join a league or know what league I’m in?
Once you meet the qualifications for a league, you will receive a notification within Facebook and a badge for the league will be posted to your researcher profile. You will also receive notifications as you approach the qualifications for the league above your existing one.
How is score and SNR calculated?
A detailed breakdown of how score and SNR is calculated can be found here. It’s important to note that Hacker Plus applies scoring and SNR calculations to all reports you have submitted in the previous 12-month period. The Leaderboard page is separate from the Hacker Plus program and is calculated based on all reports received for the calendar year.
Is it possible to drop down a league?
Once you reach a certain league, that level is set for 12 months. If you achieve the qualifications for a higher league, you will be promoted immediately. 12 months from the date that you qualify for a league, Meta Bug Bounty will begin to reevaluate your participation. If you have failed or fail to meet one of the criteria for a continuous 12 month period, then you will be downgraded to the league that is 1 league less than your current league.
Will my rating be public?
On your researcher profile page (https://www.facebook.com/whitehat/researcher-settings/), you have the option to make part of your researcher profile public, including things like the profile banner, badges you received and researcher metrics such as score & signal. If you choose to share your information through this feature, your name will be displayed on our leaderboard alongside your Hacker Plus league & Facebook profile picture. This leaderboard is public and others, including people without a Facebook account, may use it or share it with third parties.
Why do you need this program in addition to your existing leaderboard?
The mission of Hacker Plus is to offer additional recognition and rewards to our researcher community for their significant contributions to Meta Bug Bounty and the security of our services. We also hope to foster a community among the researchers who actively participate in our program and provide a place for researchers to collaborate and share their learnings. While our Leaderboard page ranks researcher contributions within a specific calendar year, Hacker Plus provides a snapshot of a researcher’s contributions and scores in the previous 12 month period.
When are rewards distributed?
Here's a summary:
  • Multiplier bonus payouts are issued whenever you are awarded a bounty for a valid submission.
  • You must reach the Platinum or Diamond league 120 days prior to an event date to receive an invitation and travel/accommodation to the event. Meta Bug Bounty requires at least 90 days advance notice and prior approval for campus visit rewards.
  • Swag and merchandise are typically distributed between January - April each calendar year.
What badges can I earn?
Each league has a dedicated badge which will be displayed in your researcher profile.

Hacker Plus also recognizes our researchers for other Meta Bug Bounty achievements including:

FBDL submitted reports

Blue badge of a magnifying glass searching a piece of paper with the number 1 at the bottom.
Submitted 1 FBDL report
Blue badge of a magnifying glass searching a piece of paper with the number 10 at the bottom.
Submitted 10 FBDL reports
Blue badge of a magnifying glass searching a piece of paper with the number 25 at the bottom.
Submitted 25 FBDL reports
Blue badge of a magnifying glass searching a piece of paper with the number 50 at the bottom.
Submitted 50 FBDL reports
Blue badge of a magnifying glass searching a piece of paper with a green checkmark at the bottom.
Certified FBDL user
Blue badge of a magnifying glass searching a piece of paper with a green wrench at the bottom.
FBDL contributor

Donated bounties

Red badge of a hand extending a bug icon with a heart on it and the number 1 at the bottom.
Donated 1 payout
Red badge of a hand extending a bug icon with a heart on it and the number 3 at the bottom.
Donated 3 payouts
Red badge of a hand extending a bug icon with a heart on it and the number 5 at the bottom.
Donated 5 payouts
Red badge of a hand extending a bug icon with a heart on it and the number 10 at the bottom.
Donated 10 payouts
Red badge of a hand extending a bug icon with a heart on it and the number 20+ at the bottom.
Donated 20+ payouts

Private bounty payouts

Grayish-purple badge of a padlock made to look like a bug with the number 1 at the bottom.
Participated in 1 private bounty
Grayish-purple badge of a padlock made to look like a bug with the number 5 at the bottom.
Participated in 5 private bounties
Grayish-purple badge of a padlock made to look like a bug with the number 10 at the bottom.
Participated in 10 private bounties
Grayish-purple badge of a padlock made to look like a bug with the number 20+ at the bottom
Participated in 20+ private bounties

Valid Reporting

Yellow badge of a speech bubble with a red bug inside it and the number 1 at the bottom.
Submitted 1 valid bug
Yellow badge of a speech bubble with a red bug inside it and the number 10 at the bottom
Submitted 10 valid bugs
Yellow badge of a speech bubble with a red bug inside it and the number 50 at the bottom.
Submitted 50 valid bugs
Yellow badge of a speech bubble with a red bug inside it and the number 100+ at the bottom.
Submitted 100+ valid bugs

Learn more

Report a security vulnerability
Review Bug Bounty terms and scope
Skip to main content
Meta
Meta Bug Bounty
Tools
Leaderboard
Learn
Submit a report