Mark Zuckerberg's Facebook Wall Hacked to Show Exploit
“Dear Mark Zuckerberg,” he wrote , “[Errors included] First sorry for breaking your privacy and post to your wall, i has no other choice to make after all the reports i sent to Facebook team.” Shreateh went on to describe how his interactions with the Facebook security team resulted in no action or acknowledgement of the existence of the bug. They kind of brushed him off, really.
For his trouble, he said in a detailed blog post that Facebook immediately deactivated his account. After some further back-and-forth with Facebook, Shreateh got his account back and Facebook acknowledged the bug he’d discovered.
To be fair to Facebook, though, it doesn’t appear that Shreateh reported the bug through the proper channels and didn’t offer the proper technical details, so it’s hard to fault them for not taking him seriously at first. Further, Shreateh hacked the Facebook page of Sarah Goodin before hacking Zuckerberg’s page, and although both impressive and humorous, neither act garnered the favor of Facebook.
Shreateh should have handled things differently, although you have to give him a tip of the hat for finding a bug and reporting it directly to Facebook instead of keeping it to himself and wreaking havoc. Facebook should pay him the bug bounty, even if he didn’t report things correctly.