Well, that’s one way to prove a point. One Khalil Shreateh (pictured), after discovering a bug in Facebook that allows users to post on someone else’s Timeline even if they’re not friends, failed to get Facebook’s attention regarding the matter. So he used the exploit he found to post on Mark Zuckerberg
“Dear Mark Zuckerberg,” he wrote, “[Errors included] First sorry for breaking your privacy and post to your wall, i has no other choice to make after all the reports i sent to Facebook team.” Shreateh went on to describe how his interactions with the Facebook security team resulted in no action or acknowledgement of the existence of the bug. They kind of brushed him off, really.
For his trouble, he said in a detailed blog post that Facebook immediately deactivated his account. After some further back-and-forth with Facebook, Shreateh got his account back and Facebook acknowledged the bug he’d discovered.
To be fair to Facebook, though, it doesn’t appear that Shreateh reported the bug through the proper channels or offered the proper technical details, so it’s hard to fault them for not taking him seriously at first. Further, Shreateh hacked the Facebook page of Sarah Goodin before hacking Zuckerberg’s page, and although both acts were impressive and humorous, neither garnered the favor of Facebook.
Shreateh should have handled things differently, although you have to give him a tip of the hat for finding a bug and reporting it directly to Facebook instead of keeping it to himself and wreaking havoc. Facebook should pay him the bug bounty, even if he didn’t report things correctly.