In an effort to track down malicious developers who abuse user data, Instagram has today announced a new Data Abuse Bounty program offering cash bounties to security researchers for tracking down cases where users’ data is being misappropriated (via Business Insider).
The Facebook-owned app has made the announcement just days after it was revealed that marketing firm Hyp3r was illicitly harvesting millions of Instagram users’ data, tracking their locations, and saving their Stories. The incident was believed to have been caused by “a combination of configuration errors and lax oversight by Instagram.”
“Our goal is to help protect the information people share on Instagram and encourage security researchers to report potential abuse to us so we can quickly take action,” Instagram security engineering manager Dan Gurfinkel wrote in a blog post. “Just like our bug bounty program, we will reward reports based on impact and quality.”
Instagram has also invited a select group of researchers to “stress test” Checkout on Instagram, a new feature for the app that lets users make purchases, and is currently only available to a small group of users in private beta.
The company said that as part of their participation, the researchers will receive early access to the Checkout feature in addition to receiving bounty awards for eligible reports.