Security researcher penalised $3750 by Facebook for verifying vulnerability

Seems you did not disclose this over the Facebook Portal Smart Video Calling Touch Screen. Consider yourself lucky they did not deduct $7000 instead.

Hmm, so they reported it to FB &amp; apparently had the vuln confirmed but then retested the vuln a couple of times at 12h &amp; 22h after reporting&#x2F;confirmation, with the implication that each time they were exposing other user&#x27;s data...<p>Not too surprised they reduced the award, tbh...

Sucks but it goes against their bug bounty tos facebook.com&#x2F;whitehat.<p>It&#x27;s sorta bad to punish folks who have been helping secure the org for a while (in my opinion).