What if you found a bug in Facebook’s privacy feature and no one took you seriously? What is the best way to get Facebook’s attention? A great way is to post the bug report on Mark Zuckerberg’s wall. This is exactly what a Palestinian online security expert, Khalil Shreateh, did when he found a vulnerability that allowed a Facebook user to post a message on any Facebook user’s timeline even if they were not in his timeline.
Facebook has a Bug Bounty program called Whitehat. It allows bug reporters to report a bug and pick up $500.
Khalil initially used Whitehat to send in a bug report. He was sent a reply by Facebook that it was not a bug. That is when the hacker decided to catch the attention of Facebook by posting the bug report on Mark Zuckerberg’s wall.
Not just that, he also took screenshots of it and posted them online in a blog post.
Unfortunately, Khalil was denied the $500 bounty because he had not followed the terms and conditions of the White Hat program. They also ended up suspending his account for some time before reinstating it.
This is actually very shabby treatment of the hacker by Facebook. Khalil could have posted about the vulnerability online for the general public to use and literally caused mayhem on Facebook. But he chose to do the right thing by reporting it to Facebook. Unfortunately, the social network, which likes to ‘break things’ and do things the ‘Hacker way’, did not appreciate it.