Meta
Meta
FacebookInstagramXYouTube
Meta Bug Bounty
Meta Bug Bounty overviewLeaderboardsProgram scopeProgram termsHacker Plus benefitsHacker Plus terms
Program tools
SSRF validatorTest accountsFBDLAccess token debuggerGraph API explorer
Payout guidelines
Payout guidelines overviewMobile remote code executionAccount take-overMeta hardware devicesServer side request forgery (SSRF)Platform privacy assertions2FA bypassContact point deanonymizationPage admin disclosureCross-site leaks
Data Abuse program
Data Abuse program overviewData Abuse termsReport abuseManage reports
Site terms and policies
Privacy policyTermsCookie policy
Meta Bug Bounty
Meta Bug Bounty overview
Leaderboards
Program scope
Program terms
Hacker Plus benefits
Hacker Plus terms
Program tools
SSRF validator
Test accounts
FBDL
Access token debugger
Graph API explorer
Payout guidelines
Payout guidelines overview
Mobile remote code execution
Account take-over
Meta hardware devices
Server side request forgery (SSRF)
Platform privacy assertions
2FA bypass
Contact point deanonymization
Page admin disclosure
Cross-site leaks
Data Abuse program
Data Abuse program overview
Data Abuse terms
Report abuse
Manage reports
Site terms and policies
Privacy policy
Terms
Cookie policy
Meta Bug Bounty
Meta Bug Bounty overview
Leaderboards
Program scope
Program terms
Hacker Plus benefits
Hacker Plus terms
Program tools
SSRF validator
Test accounts
FBDL
Access token debugger
Graph API explorer
Data Abuse program
Data Abuse program overview
Data Abuse terms
Report abuse
Manage reports
Payout guidelines
Payout guidelines overview
Mobile remote code execution
Account take-over
Meta hardware devices
Server side request forgery (SSRF)
Platform privacy assertions
2FA bypass
Contact point deanonymization
Page admin disclosure
Cross-site leaks
Site terms and policies
Privacy policy
Terms
Cookie policy
Meta Bug Bounty
Meta Bug Bounty overview
Leaderboards
Program scope
Program terms
Hacker Plus benefits
Hacker Plus terms
Program tools
SSRF validator
Test accounts
FBDL
Access token debugger
Graph API explorer
Payout guidelines
Payout guidelines overview
Mobile remote code execution
Account take-over
Meta hardware devices
Server side request forgery (SSRF)
Platform privacy assertions
2FA bypass
Contact point deanonymization
Page admin disclosure
Cross-site leaks
Data Abuse program
Data Abuse program overview
Data Abuse terms
Report abuse
Manage reports
Site terms and policies
Privacy policy
Terms
Cookie policy
Legal
* All payout amounts are in USD

©2025 Meta.

Skip to main content
Meta
Meta Bug Bounty
Tools
Leaderboard
Learn
Submit a report

Post editing media leaks

Max payout:

$7.5k*

Guidelines

At Meta, we value the contributions of external researchers in helping us identify and address potential vulnerabilities in our video composers features. These guidelines outline how we evaluate the impact of reports submitted through our Bug Bounty program and determine the corresponding payouts, with a maximum payout of $7.5K* for issues specific to video composer features and then apply any applicable deduction based on the required user interaction, prerequisites, and any other mitigation factors to arrive at the final awarded bounty amount.

Payouts

Video edits in the composer are not applied in both the trim duration and mute status
up to
$7.5k*

Maximum payouts

Video edits in the composer are not applied in both the trim duration and mute status and the final shared content is the same as the uploaded video file without any edits.
up to
$7.5k*
Video edits in the composer are inaccurate by a few seconds in trimming or audio mutes (i.e., not a full video).
up to
$2k*

Mitigating factors (deduction from maximum amount)

We consider the following factors when deducting from the maximum payout to arrive at the final bounty amount:

If it only affects audio and not video duration.
Note: multiple actions -50% or higher
-50% or higher
Requires excessive and unlikely user interaction
Note: multiple actions -90% or higher
-90% or higher