Security researcher penalised $3750 by Facebook for verifying vulnerability
philippeharewood.com
Seems you did not disclose this over the Facebook Portal Smart Video Calling Touch Screen. Consider yourself lucky they did not deduct $7000 instead.
Hmm, so they reported it to FB & apparently had the vuln confirmed but then retested the vuln a couple of times at 12h & 22h after reporting/confirmation, with the implication that each time they were exposing other users' data...
Not too surprised they reduced the award, tbh...
Sucks but it goes against their bug bounty tos facebook.com/whitehat.
It's sorta bad to punish folks who have been helping secure the org for a while (in my opinion).