Bypassing Brand Collabs Manager Eligibility on Facebook

In this week’s blog, I am writing about how I was able to bypass the eligibility criteria for the Brand Collabs Manager and register my page without meeting the criteria and policy. I wasn’t awarded any bounty for this as Facebook’s production team deemed it unqualified for monetary reward.

If you are not familiar with Brand Collabs Manager on Facebook, it is a monetization feature for Facebook videos through which brands can reach out to creators for branded content partnerships.

To be eligible to register for Brand Collabs Manager, a page needs to meet the following conditions:

  • Your Facebook page must have a minimum of 1,000 followers.
  • In 60 days, your posts must have reached 15,000 engagements.
  • In 60 days, your videos must have 180,000 minutes viewed.
  • In the last 60 days, your page must have 30,000 views along with a minimum of one minute watch time for videos over 3 minutes long.

Let me take you through what I found:

When I went to the Brand Collabs Manager application form, I saw that I was not eligible to apply for the Brand Collabs Manager, as my page didn’t meet the above-mentioned criteria.

Image for post

However, I tried registering in the brand collabs manager by changing the response status from ineligible to eligible as shown below.

Image for post

This was the response to the request to collect information about all the pages. Here, I changed "eligibilityBucket":"ineligible" to "eligibilityBucket":"eligible" and I saw that it was eligible for registering in Brand Collabs Manager.

Image for post

Once I changed the status to "eligible", I was granted access to the sign-up form for the Brand Collabs Manager. I filled in the sign-up form and got a success message as shown below.

It went for manual verification with the Facebook team and for a moment, I thought my request would be rejected.

However, after waiting for a few minutes I got an email from Brand Collabs Manager saying that my application was approved.

Image for post
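The flow above worked because the eligibility value returned to the browser gated the sign-up form, and the submission was still accepted afterwards. The sketch below is an added example, not Facebook's code: it shows the defensive pattern of recomputing eligibility on the server when the form is submitted. The field names, the sample store, the handler shape and the assumption that all four listed criteria are required together are hypothetical.

```python
from dataclasses import dataclass

# Thresholds taken from the eligibility list above; requiring all four
# together is an assumption of this example.
MIN_FOLLOWERS = 1_000
MIN_ENGAGEMENT_60D = 15_000
MIN_MINUTES_VIEWED_60D = 180_000
MIN_ONE_MINUTE_VIEWS_60D = 30_000  # on videos longer than 3 minutes


@dataclass(frozen=True)
class PageMetrics:
    """Server-side record for a page (hypothetical field names)."""
    followers: int
    engagement_60d: int
    minutes_viewed_60d: int
    one_minute_views_60d: int


# Constructed sample data standing in for the server's own metrics store.
METRICS_STORE = {
    "page-small": PageMetrics(120, 300, 950, 40),
    "page-large": PageMetrics(5_400, 22_000, 260_000, 41_000),
}


def eligibility_bucket(m: PageMetrics) -> str:
    """Derive the bucket from stored metrics only."""
    ok = (m.followers >= MIN_FOLLOWERS
          and m.engagement_60d >= MIN_ENGAGEMENT_60D
          and m.minutes_viewed_60d >= MIN_MINUTES_VIEWED_60D
          and m.one_minute_views_60d >= MIN_ONE_MINUTE_VIEWS_60D)
    return "eligible" if ok else "ineligible"


def handle_signup(request: dict) -> dict:
    """Handle a sign-up submission; client-sent eligibility is never trusted."""
    metrics = METRICS_STORE.get(request.get("page_id"))
    if metrics is None:
        return {"status": 404, "flag_for_review": False}
    bucket = eligibility_bucket(metrics)
    claimed = request.get("eligibilityBucket")
    # A claimed value that disagrees with the server's is altered or stale
    # client state: surface it to reviewers instead of acting on it.
    tampered = claimed is not None and claimed != bucket
    if bucket != "eligible":
        return {"status": 403, "flag_for_review": tampered}
    return {"status": 200, "flag_for_review": tampered}
```

With this check in the submission path, changing the bucket in a response only changes what the browser renders; the manual reviewer also receives a signal when the submitted state disagrees with the server's.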

I sent a report to the Facebook team including a Proof of Concept (POC). Facebook’s security team triaged the report and got back to me a day later with the following message.

Image for post

Video POC


Reported — October 23, 2019

Reproduced — October 28, 2019

Triaged — October 29, 2019

Rejected — November 13, 2019

Though I was not awarded any bounty for this find, it did help me enhance my bounty skills. Bug bounty is not always about finding bugs and earning money. So don’t get disappointed even if you are not awarded a bounty at times, and keep going with bug bounty.

Head of Security at NASSec
