Facebook awarded more than $1 million in bug bounty awards last year and received close to 15,000 submissions.

Of the thousands of submissions, 687 were valid and received rewards, according to a company update on the program. Facebook saw a 246 percent increase in bug submissions in 2013 over 2012, and since the program began in 2011, the company has doled out more than $2 million. Researchers in Russia earned the most reward money — with each bug discovery earning them an average of $3,961 — while experts in India submitted the most valid bugs with 136.

The company noted in its update that it analyzes every reported vulnerability it receives. Typically a bug is fixed within six hours.

A Brazilian computer engineer received the largest bounty earlier this year for discovering a Remote Code Execution vulnerability.