When he discovered a bug on Facebook that could potentially allow someone to post on the wall of someone who is not a friend, Palestinian systems information expert Khalil Shreateh submitted it to Facebook’s Whitehat bug report system in the hopes of getting his $500 (or more) reward from the company. When that initial post was ignored, he tried again. When the second post was also ignored, a frustrated Khalil Shreateh responded in the way most likely to get attention paid. He used the exploit to post an Enrique Iglacias video to the Facebook page of Zuckerberg friend Sarah Goodin. That also was ignored, strangely enough. To get Facebook to close a security hole, Khalil Shreateh hacked and posted on Mark Zuckerberg’s Facebook wall.
“We get hundreds of reports every day. Many of our best reports come from people whose English isn’t great – though this can be challenging, it’s something we work with just fine and we have paid out over $1 million to hundreds of reporters,” said Matt Jones from Facebook’s security team. “However, many of the reports we get are nonsense or misguided, and even those (if you enter a password then view-source, you can access the password! When you submit a password, it’s sent in the clear over HTTPS!) provide some modicum of reproduction instructions. We should have pushed back asking for more details here.”
However, once Zuckerberg’s page was compromised, the team acted quickly. The post was removed from Zuckerberg’s wall and Shreateh’s profile was suspended within seconds of the intrusion. However, because he broke Facebook’s TOS by hacking a page, Khalil probably won’t get the bounty due him for reporting the bug. Maybe Facebook will give him a job, instead! It just goes to show you that Facebook is very protective of personal information, so long as it’s not the information of their users.
Tags: facebook, mark zuckerberg, mark zuckerberg facebook page hacked, facebook hacked, facebook wall hacked, mark zuckerberg’s facebook wall hacked, facebook wall hacked, mark zuckerberg hacked, matt jones, palestine, khalil shreateh, sarah goodin