What if you found a bug in Facebook’s privacy feature and no one took you seriously? What is the best way to get Facebook’s attention? A great way is to post the bug report on Mark Zuckerberg’s wall. This is exactly what Khalil Shreateh, a Palestinian online security expert, did when he found a vulnerability that allowed a Facebook user to post a message on any Facebook user’s timeline even if they were not in his timeline.
Facebook has a Bug Bounty program called Whitehat. It allows bug reporters to report a bug and pick up $500.
Khalil initially used Whitehat to send in a bug report. He was sent a reply by Facebook that it was not a bug. That is when the hacker decided to catch the attention of Facebook by posting the bug report on Mark Zuckerberg’s wall.
Not just that, he also took screenshots of it and posted them online in a blog post.
Unfortunately, Khalil was denied the $500 bounty because he had not followed the terms and conditions of the Whitehat program. Facebook also ended up suspending his account for some time before reinstating it.
This is actually very shabby treatment by Facebook of the hacker. Khalil could have posted about the vulnerability online for the general public to use and literally caused mayhem on Facebook. But he chose to do the right thing by reporting it to Facebook. Unfortunately the social network which likes to ‘break things’ and do things the ‘Hacker way’ did not appreciate it.
This is just one side of the story. For the complete picture, read this
Actually Khalil helped Facebook realize this bug! He should be given the reward. It’s a shame that Facebook plays the bad guy role by giving out silly reasons that Khalil failed to use a test account and get the consent of the other account’s owner.
The guy basically did Facebook a favor and is being treated in a very bureaucratic manner. Not befitting a web giant at all.
SOMEONE BROKE INTO MARK ZUCKERBERG.
THIS GUY WOULD BE REALLY AWESOME.
No one is safe in the virtual world.
This guy should surely be rewarded. This is wrongdoing by FB. Dunno why then they conduct hacking competitions.