Khalil Shreateh is an IT expert and hacker from Palestine. Recently, he found a security flaw in Facebook. The vulnerability allowed anyone to publish content on other users' walls without authorization. Khalil reported the problem to Facebook, which offers rewards to those who find loopholes in the social network, but he was ignored: according to the security team, it was “not a bug”.
To encourage security researchers to find flaws in Facebook (before someone malicious finds them), the company pays cash rewards of at least $500 per bug; there is no maximum limit. So of course Khalil was a little upset when his report was ignored. What did he do? He demonstrated the flaw on Mark Zuckerberg’s profile:
For a few minutes, Zuckerberg's page displayed the message “First of all, sorry for invading your privacy and post to your wall, had no choice after all the information sent to the team’s Facebook”, followed by some details explaining how the flaw could be exploited.
Then, finally, the Facebook security team paid attention to the case. Just a few minutes after he posted on Mark Zuckerberg's page, Khalil had his Facebook account temporarily blocked as a security measure. Engineers contacted Khalil to ask for more details about the problem and fixed the flaw on Thursday.
So now everything is solved, or nearly so. Because Khalil posted a message on Mark Zuckerberg's page without authorization, he broke one of the rules of Facebook's White Hat program and will not receive a penny for his discovery.