Hacker Hacks Into Facebook Founder Mark Zuckerberg’s Page After Security Team Ignored His Reports
Facebook founder Mark Zuckerberg’s own Facebook page has been hacked by a disgruntled user who was ignored when he submitted bug reports to the social networking site. White hat hacker Khalil Shreateh reported to Facebook a vulnerability that allowed him to post on anyone’s wall, but when Facebook’s security team ignored him, he decided to get their attention the best way he knew how.
Khalil, a Palestinian ethical computer hacker, defended his story on his blog. According to him, he discovered a “serious facebook vulnerability that allows a facebook user to post all facebook users timeline even they are not in his friend list.”
He reported his discovery on Facebook’s whitehat page, but the security team told him the link he provided had an error. He explained that he had posted a link to the wall of a certain Sarah Goodin, who wasn’t in his friends list and who attended the same college as Zuckerberg.
The security team of the Web site did not see the error because they did not have the authority to view Sarah’s private timeline post. He explained this to the team, and even told them he might post to Zuckerberg’s page.
But again, the security team did nothing, just replying, “I am sorry this is not a bug.”
So Khalil posted his message on Zuckerberg’s timeline to prove his point.
The hacker apologised to Zuckerberg for writing on his wall and explained why he did so, saying he had no choice left.
“i report that exploit twice, first time i got a replay that my link has an error while opening, other replay i got was ‘sorry this is not a bug’. Both reports i sent from www.facebook.com/whitehat, and as you see iam not in your friend list and yet i can post to your timeline,” (sic) Khalil told the Facebook big boss.
“i appreciate your time reading this and getting some one from your company team to contact me.”
Minutes after posting his message, Facebook security engineer Ola Okelola commented, asking him for more details about the bug. A short time later still, Khalil’s account was disabled with no explanation given. He wrote to the security team to ask them to reactivate his account.
Facebook wrote that it disabled his page as a “precaution,” adding instructions on how Khalil should have submitted his report to them.
“When we discovered your activity we did not fully know what was happening. Unfortunately your report to our Whitehat system did not have enough technical information for us to take action on it. We cannot respond to reports which do not contain enough detail to allow us to reproduce an issue. When you submit reports in the future, we ask you to please include enough detail to repeat your actions.”
The company stressed that it would not be able to pay Khalil for “this vulnerability” because he apparently violated its Terms of Service. However, it has re-enabled his Facebook account.
The payment in question is a reward given to those who discover a bug and report it to the security team. But since Facebook claimed that Khalil violated its TOS because he hacked into Zuckerberg’s account, he couldn’t claim the reward, which is approximately USD4,000.
A lot of Facebook users, meanwhile, do not agree with the company’s policy. Many FB commenters on Khalil’s Blogspot page pointed out that Khalil did, in fact, report the bug twice through proper channels but the team did not listen to him.
“FB out ‘n out stiffed Khalil out of $4,000! Is FB making every effort to build an informed enemy of users?” a user named Charleston Voice wrote.
“Hey bro you’re awesome, just keep doing what you think is good. Next time sell it in to blackmarket. Cheers!” another one named Adrian Aldan said.
GrockJake from YouTube also passionately claimed that Khalil should be given his reward, writing, “If they don’t give this dude his money, I will delete my facebook account and spread the message around for everyone to do the same. GIVE KHALIL HIS DESERVED MONEY!!!!!!”