Bypass Facebook Business Quarantine — Integrity Safeguards
In late 2022, the Meta Bug Bounty program introduced a new category focused on vulnerabilities related to business integrity safeguards.
Facebook Business Quarantine typically refers to restrictions or penalties placed on a business account due to policy violations, suspicious activity, or potential account compromise (such as hacking).
If a business is placed in a quarantine state, the business admin cannot perform the actions shown in the payout guidelines image below.
During my testing, I discovered that it was possible to bypass all three restrictions with a single click.
Reproduction Steps:
Script:
[setup]
User UserOne
Business BizOne with {owner: UserOne, quarantine:true}
After creating this FBDL setup, create an additional profile by going to https://www.facebook.com/profile/create and giving your additional profile a name and username.
After the additional profile is created, all of the business quarantine restrictions mentioned in the Payout Guidelines are bypassed through the normal UI flow, because the business account is now released from quarantine.
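The write-up does not say why creating a second profile released the business from quarantine. The model below is an added, constructed example (not Meta's code and not a claim about the actual root cause): it shows one general way this class of bug arises, namely a restriction that is recorded against the acting profile rather than against the business resource, so a freshly created profile of the same owner is never subject to it. The names `Profile`, `Business`, `quarantine_business`, the two `can_perform_restricted_action_*` checks and `enforcement_gaps` are all hypothetical; `UserOne` and `BizOne` are taken from the FBDL script above. The `enforcement_gaps` helper is the kind of regression check a defender would add so that every profile an owner can switch to is tested against the business-level restriction.

```python
"""Constructed example: a quarantine check bound to the wrong object.

Hypothetical model, not Meta's implementation. It contrasts a check keyed on
the acting profile (vulnerable) with one keyed on the business (fixed), and
includes a small regression helper that enumerates profiles the check lets
through while the business is quarantined.
"""
from dataclasses import dataclass, field


@dataclass
class Profile:
    profile_id: str
    user_id: str  # the owner account this profile belongs to


@dataclass
class Business:
    business_id: str
    owner_user_id: str
    quarantined: bool = False
    # Hypothetical defect: the penalty is also recorded per acting profile.
    quarantined_profiles: set = field(default_factory=set)


def quarantine_business(biz: Business, acting_profile: Profile) -> None:
    """Apply the quarantine. The vulnerable check below only ever consults
    quarantined_profiles, so the business-level flag is effectively ignored."""
    biz.quarantined = True
    biz.quarantined_profiles.add(acting_profile.profile_id)


def can_perform_restricted_action_vulnerable(biz: Business, acting: Profile) -> bool:
    # Bug: enforcement is tied to the profile that was active when the penalty
    # was applied. A profile created afterwards is not in the set, so the
    # restriction silently disappears for it.
    return acting.profile_id not in biz.quarantined_profiles


def can_perform_restricted_action_fixed(biz: Business, acting: Profile) -> bool:
    # Fix: quarantine is a property of the business resource. Which profile the
    # owner is currently using does not matter; only ownership is checked.
    if acting.user_id != biz.owner_user_id:
        return False
    return not biz.quarantined


def enforcement_gaps(biz: Business, profiles, check) -> list:
    """Regression helper: profile ids that `check` lets through even though the
    business is quarantined. Empty for a correct implementation."""
    if not biz.quarantined:
        return []
    return [p.profile_id for p in profiles if check(biz, p)]


def build_scenario():
    """Recreate the write-up's setup: UserOne owns quarantined BizOne, then
    creates an additional profile (ids are constructed sample values)."""
    main_profile = Profile("p-main", "UserOne")
    biz = Business("BizOne", "UserOne")
    quarantine_business(biz, main_profile)
    extra_profile = Profile("p-extra", "UserOne")  # the additional profile
    return biz, main_profile, extra_profile


if __name__ == "__main__":
    biz, main, extra = build_scenario()
    for name, check in (("vulnerable", can_perform_restricted_action_vulnerable),
                        ("fixed", can_perform_restricted_action_fixed)):
        print(name, "gaps:", enforcement_gaps(biz, [main, extra], check))
```

Running the block prints `vulnerable gaps: ['p-extra']` and `fixed gaps: []`: the vulnerable check blocks the original profile but lets the new one act, while the fixed check blocks both because it consults the business, not the profile. The design point is that any restriction attached to a resource must be evaluated against that resource's state, and a regression test should cover every identity the same principal can present.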
Impact
Bypass Facebook business quarantine
Timeline
- 28 Dec, 2022 — Report sent to Facebook.
- 12 Jan, 2023 — Meta team unable to reproduce the issue.
- 13 Feb, 2023 — Triaged.
- 13 Feb, 2023 — 9 Oct, 2023 — Back and forth communication to the Meta team even after Triage.
- 23 Feb, 2024 — Confirmation of patch by Facebook.
- 6 Mar, 2024 — $500 awarded by Facebook ? 😂
- 6 Mar, 2024 — Payout dispute
- 19 Apr, 2024 — Got reply from the Meta team that the issue was only reproducible for the FBDL test users and business quarantine is no longer available.
Thanks for reading my write-up 🤗 Happy Hacking 🎭️
Thanks & best regards,
Manoj Gautam
LinkedIn: https://linkedin.com/in/gtm0x01
Twitter: https://www.twitter.com/gtm0x01/
Facebook: https://www.facebook.com/gtm0x01
Instagram: https://www.instagram.com/gtm0x01/