White-Hat Hacker Posts On Mark Zuckerberg's Facebook Wall To Point Out Security Bug

After Khalil Shreateh couldn't get Facebook's attention with his report, the white-hat hacker took matters into his own hands and hacked the social media network founder's own page.

Mark Zuckerberg had his Facebook wall hacked last week. The dirty perpetrator was a white-hat hacker from Palestine called Khalil Shreateh who, after noticing a security flaw that allowed other people to post on a Facebook user's wall, contacted Facebook via the usual channels. Anyone who points out the existence of holes or bugs can earn a reward.

The first time he did so, Facebook ignored his email. After he resent details of the issue, the firm came back to him and told him that what he had found was not a bug. So he decided to get their attention another way, writing, "First sorry for breaking your privacy and post to your wall , i has no other choice to make after all the reports i sent to Facebook team," followed by details of the bug.

Khalil's Facebook account was immediately disabled while the social network's engineers investigated. The bug, according to The Verge, could have been used to spam users of the Big Blue Book with malicious links. It has since been fixed, and Shreateh's account has been re-enabled. So, reward for Mr. Shreateh? I'm afraid not. His actions violated Facebook's Terms of Service, said one of the engineers on the firm's security team.

[Image: Flickr user Michael Cory]

14 Comments

  • Sheila Green

    I am appalled at the response from Facebook! Perhaps Mark Z. should take a hard look at his team that put Khalil off - sounds like Facebook's complacency and arrogance allowed a major blunder in security that could have cost them millions. A thank-you? A reward? Nothing. Shame on you Facebook. Khalil - I hope your amazing character and obvious tech savvy will open doors for you that you so richly deserve.

  • Esteban G.

    I fully expect FB to contact this guy and offer him a job. FB's mentality has always been "F***ck rules". It matters little that this guy ridiculed Mark, he wanted something fixed and cared little for rules and structures. 

  • Carlos Lira

    Hi, Esteban!
    You said the purest truth! I'm on your side!!!
    Sincere regards,
    Carlos
    Rio de Janeiro - BR

  • Jessica Miller-Merrell

    Doesn't Facebook have some sort of hacker program where they pay folks who identify bugs and problems in the system? 

    Jessica

  • vgd

    A reaction that'd be expected from JC Penney rather than from Facebook. Maybe they're down the same road.

  • Lawrance Parks

    DELETE FACEBOOK EVERYONE SHOULD DELETE FACEBOOK OVER THIS. I AM...

  • Bobby Metzinger

    So, could we classify Snowden as a White Hat Whistleblower? Sounds like some sort of crusty early 90s Dylan song. 

  • Leila

    Khalil doesn't need Facebook's bonus anymore--he's already made a clear mark through a simple gesture in the tech world.  Let's see who approaches him now for jobs. Good job Khalil!

  • Greg Osadetz

    FB is clearly losing its sense of humor, and diluting down its gene pool. Their immediate response that they won't pay a clearly deserved bonus clearly shows a big company fear ("... and what if someone else does it!!!!"). If the security engineer that sent the response "This is not a bug" still has a job after this, the solution is for him to pay the $500.

  • Luciano Elias

    Anyone who ever had to deal with Facebook's customer service will tell you that it is completely nonexistent. The company is only where it is because of its ubiquity, which, while not a small feat, is hardly a guarantee that it won't break in the future.

  • Aarons

    Not only did he not give enough info each time he reported it but he violated terms of service to show it off. Which basically means he doesn't get any of the $500 + bug report money.

  • Erik Carlson

    If he was able to hack Mark Zuckerberg's Facebook account, something tells me that he wasn't in it for the money. ;)

  • John Davis

    If he gave enough info for them to decide it wasn't a bug, that seems enough info to me. Otherwise, they should have asked for more info, not rendered a verdict.

  • Guest

    "So, reward for Mr. Shreateh? I'm afraid not."

    Just goes to show that the old saying still holds true: No good deed goes unpunished... in this case not so much punished as cheated, but the essence of the rule holds true.

    Good for Khalil for being the good guy though.