
I had the same thought. Seems like the value of such an exploit could be a lot more than $5k to the right people in the open market.

The macro effect is that when someone with lower moral/ethical standards discovers such an exploit it's more likely the find will end up being sold for more money and ultimately used maliciously in the wild.

The more $fb pays the greater the incentive will be for shady people to responsibly report it to $fb.

Relying on good samaritans doesn't seem like a sustainable or particularly responsible solution to taking care of those trusting the Facebook platform to not leak their private information.




Seems like the value of such an exploit could be a lot more than $5k to the right people in the open market.

Probably not. What would the buyer do with it? It's probably very hard to mass scrape FB (rate limiting would kick in), and there are other ways of getting a specific email address.


It's about more than just email addresses. This is the policy applied to all exploits for their entire platform.


How so? They paid a $15k bounty earlier this year.


Perhaps it's my mistake then, apologies. I didn't know it was a variable rate!



