[MichaelGG]

Who is paying 50k for these things? A while back the Hacking Team dumps showed very low prices. Zero days in widespread desktop systems were like 100k. Why would a remote service flaw that can be fixed at a moment's notice be worth much more?

How do you recoup 50k on FB? Not a theoretical "I'll hack Tom Cruises' pictures and blackmail him" but an actual demonstrated business model.

[rl3]

If it's a government buying the exploit, they wouldn't care about recouping the cost. Hence why a large sum is feasible.

[MichaelGG]

Didn't the HT leaks show vulns that'd be sold to anyone? An online service hack just wouldn't command the same pricing. Is there any source/docs to indicate the e.g. NSA pays $50K for this kind of vuln?

Also note that the majority of government entities can just legally request information.

[rl3]

>Is there any source/docs to indicate the e.g. NSA pays $50K for this kind of vuln?

If anything smaller governments without in-house vulnerability research would be more willing to pay large amounts.

>Also note that the majority of government entities can just legally request information.

The kind of governments that would be interested in exploiting Facebook probably aren't the kind that could legally request the information in the first place.