Hacker Posts Bug Report on Zuckerberg’s Timeline

When hacker Khalil Shreateh reported a vulnerability on Facebook and was not taken seriously, he ended up posting the bug report on Mark Zuckerberg's wall.

What if you found a bug in Facebook’s privacy feature and no one took you seriously? What is the best way to get Facebook’s attention? A great way is to post the bug report on Mark Zuckerberg’s wall. This is exactly what Palestinian online security expert Khalil Shreateh did when he found a vulnerability that allowed a Facebook user to post a message on any Facebook user’s timeline even if they were not in his timeline.

Facebook has a Bug Bounty program called Whitehat. It allows bug reporters to report a bug and pick up $500.

Khalil initially used Whitehat to send in a bug report. He was sent a reply by Facebook that it was not a bug. That is when the hacker decided to catch the attention of Facebook by posting the bug report on Mark Zuckerberg’s wall.

Not just that, he also took screenshots of it and posted them online in a blogpost.

[Image: Zuckerberg wall bug report]


Unfortunately, Khalil was denied the $500 bounty because he had not followed the terms and conditions of the Whitehat program. Facebook also suspended his account for some time before reinstating it.

This is actually very shabby treatment of the hacker by Facebook. Khalil could have posted about the vulnerability online for the general public to use and literally caused mayhem on Facebook. But he chose to do the right thing by reporting it to Facebook. Unfortunately, the social network which likes to ‘break things’ and do things the ‘Hacker way’ did not appreciate it.

(via RT)


Anshul Dixit August 19, 2013

This is just one side of the story. For the complete picture, read this

Arun Sathiya August 19, 2013

Actually Khalil helped Facebook realize this bug! He should be given the reward. It’s a shame that Facebook plays the bad guy role by giving out silly reasons that Khalil failed to use a test account and get the consent of the other account’s owner.

Aditya Kane August 19, 2013

The guy basically did Facebook a favor and is being treated in a very bureaucratic manner. Not befitting a web giant at all.

mitesh August 19, 2013


Harish August 20, 2013

No one is safe in the virtual world.

Biswajeet August 21, 2013

This guy should surely be rewarded. This is wrongdoing by FB. Dunno why then they conduct hacking competitions.