Hacker Posts Bug Report on Zuckerberg’s Timeline

When hacker Khalil Shreateh reported a vulnerability on Facebook and was not taken seriously, he ended up posting the bug report on Mark Zuckerberg’s wall.

What if you find a bug on Facebook’s privacy feature and no one took you seriously? What is the best way to get Facebook’s attention. A great way is to post the bug report on Mark Zuckerberg’s wall. This is exactly what a Palestinian online security expert, Khalil Shreateh did when he found a vulnerability that allowed a Facebook user to post a message on any Facebook user’s timeline even if they were not in his timeline.

Facebook has a Bug Bounty program called Whitehat. It allows bug reporters to report a bug and pick up $500.

Khalil initially used Whitehat to send in a bug report. He was sent a reply by Facebook that it was not a bug. That is when the hacker decided to catch the attention of Facebook by posting the bug report on Mark Zuckerberg’s wall.

Not just that, he also took screenshots of it and posted them online in a blogpost.

Zuckerberg Wall Bug Report - Copy


Unfortunately the $500 bounty for the hacker was denied to Khalil because he had not followed terms and conditions of the White Hat program. They also ended up suspending his account for sometime before reinstating it.

This is actually very shabby treatment by Facebook of the hacker. Khalil could have posted about the vulnerability online for the general public to use and literally caused mayhem on Facebook. But he chose to do the right thing by reporting it to Facebook. Unfortunately the social network which likes to ‘break things’  and do things the ‘Hacker way’ did not appreciate it.

(via RT)

6 replies on “Hacker Posts Bug Report on Zuckerberg’s Timeline”

Actually Khalil helped Facebook realize this bug! He should be given the reward. It’s a shame that Facebook plays the bad guy role by giving out silly reasons that Khalil failed to use a test account and get the consent of the other account’s owner.

Comments are closed.