Meta

Instagram

YouTube

Meta Bug Bounty

Meta Bug Bounty overview Leaderboards Program scope Program terms Hacker Plus benefits Hacker Plus terms Bug Bounty blog

Program tools

SSRF validator Test accounts FBDL Access token debugger Graph API explorer

Payout guidelines

Payout guidelines overview Mobile remote code execution Account take-over Meta hardware devices Server side request forgery (SSRF)Platform privacy assertions 2FA bypass Contact point deanonymization Page admin disclosure Cross-site leaks

Data Abuse program

Data Abuse program overview Data Abuse terms Report abuse Manage reports

Site terms and policies

Privacy policy Terms Cookie policy

Meta Bug Bounty

Meta Bug Bounty overview

Hacker Plus benefits

Hacker Plus terms

Bug Bounty blog

Program tools

Access token debugger

Graph API explorer

Payout guidelines

Payout guidelines overview

Mobile remote code execution

Account take-over

Meta hardware devices

Server side request forgery (SSRF)

Platform privacy assertions

Contact point deanonymization

Page admin disclosure

Cross-site leaks

Data Abuse program

Data Abuse program overview

Data Abuse terms

Site terms and policies

Meta Bug Bounty

Meta Bug Bounty overview

Hacker Plus benefits

Hacker Plus terms

Bug Bounty blog

Program tools

Access token debugger

Graph API explorer

Data Abuse program

Data Abuse program overview

Data Abuse terms

Payout guidelines

Payout guidelines overview

Mobile remote code execution

Account take-over

Meta hardware devices

Server side request forgery (SSRF)

Platform privacy assertions

Contact point deanonymization

Page admin disclosure

Cross-site leaks

Site terms and policies

Meta Bug Bounty

Meta Bug Bounty overview

Hacker Plus benefits

Hacker Plus terms

Bug Bounty blog

Program tools

Access token debugger

Graph API explorer

Payout guidelines

Payout guidelines overview

Mobile remote code execution

Account take-over

Meta hardware devices

Server side request forgery (SSRF)

Platform privacy assertions

Contact point deanonymization

Page admin disclosure

Cross-site leaks

Data Abuse program

Data Abuse program overview

Data Abuse terms

Site terms and policies

English (US)

* All payout amounts are in USD

©2025 Meta.

Meta Bug Bounty
Education Center

Two men looking at a phone, one sitting on a chair and one leaning over.

Calling security researchers

We are looking for researchers to test the new private processing features coming to WhatsApp.

Areas of interest:

TEE runtime attacks
VM escape
Establishing Persistence

ADDITIONAL RESOURCES

Understanding the Meta Stack

The Meta Bug Bounty Education Center aims to equip you on how to effectively test the Meta family of apps.

WhatsApp resources

Facebook resources

Messenger resources

Instagram resources

Meta Bug Bounty

Submit a report