Facebook has patched a bug that would have allowed hackers to turn on a user's webcam and then post the video to the user's profile. The bug was discovered by two computer-security researchers in India. Aditya Gupta and Subho Halder each received $2,500 in cash for finding the bug.
$2,500 is five times the usual price paid by Facebook for finding bugs, so this one can definitely be classified as "serious." Several companies participate in these "bug bounties," though a notable few don't. Microsoft is one of these companies that doesn't. Facebook says that their investigation turned up no users who were affected by the bug.
"This vulnerability, like many others we provide a bounty for, was only theoretical, and we have seen no evidence that it has been exploited in the wild," Wolens wrote in an e-mail. "Essentially, several things would need to go wrong - a user would need to be tricked into visiting a malicious page and clicking to activate their camera, and then after some time period, tricked into clicking again to stop/publish the video."
All told, Facebook, Google, and Mozilla have paid more than $2 million to researchers for finding bugs.