Facebook founder and chief executive Mark Zuckerberg's profile page was hacked by an IT security researcher, after the social network ignored warnings that a glitch in the site allowed anyone to post on a stranger’s wall.
A Palestinian security researcher, Khalil Shreateh, got in touch with the Facebook team to inform them about a bug that allows anyone to post to someone's Facebook wall, even if they are not friends with the individual on Facebook. Khalil claims he shared details of the vulnerability with the Facebook team after having successfully tested it by posting to the Facebook wall of Sarah Goodin, a friend of the Facebook CEO.
Despite his having attached a screenshot of his post on Goodin's wall (someone with whom he obviously wasn't Facebook friends), the Facebook security team rejected Khalil's claims, saying, "I am sorry this is not a bug."
Shreateh decided to use the glitch to hack into Mark Zuckerberg's profile page. In a post which has since been removed, he apologised for breaking Zuckerberg's privacy, adding: "I had no other choice… after all the reports I sent to Facebook team".
Within minutes of the post, Khalil reportedly heard from Facebook security engineer Ola Okelola, requesting details of the exploit. Facebook also temporarily disabled Khalil's account as it investigated the issue, to prevent him from exploiting the bug.
However, instead of repairing the obvious security breach, Facebook replied to Shreateh by saying the issue ‘was not a bug.’
Shreateh went on to recount his attempts to warn the website and posted a screen grab of the post on his blog.
Ultimately, Facebook acknowledged the bug and re-enabled Khalil's account. However, Khalil, who detailed the incident on his blog, will not be eligible for the $500 payout that Facebook gives to security researchers who help find bugs, because he used real accounts instead of dummy accounts to demonstrate the bug, which is a violation of Facebook's policies.
In case you are wondering what happened to the bug itself, another Facebook engineer has revealed that the bug was fixed on Thursday.
Shreateh, who says he has been looking for work for two years, lives in the Palestinian city of Yatta, where the unemployment rate is officially 30% and believed to actually be higher.
"I could sell (information about the flaw) on the black (hat) hackers' websites and I could make more money than Facebook could pay me," he said in an interview with CNN. "But for me — I am a good guy. I don't deal with the black (hat) stuff."
In hacker circles, "white hat" is a term for people who report exploits they find so they can be fixed, while "black hat" often refers to people who hack to take advantage of those exploits.
He acknowledged hoping his tip would lead to a reward from Facebook.
"I never asked them, 'I want $4,000 or $5,000'," he said. "I didn't deal with them like that … . (But) I really needed that money."
‘In order to qualify for a payout you must "make a good faith effort to avoid privacy violations" and "use a test account instead of a real account when investigating bugs,"’ Jones writes.
Nonetheless, Facebook welcomes Shreateh to report any additional glitches he finds in the future.
If Mark Zuckerberg's Facebook wall is not safe, is yours?
Sources: www.cnn.com, http://www.dailymail.co.uk, http://www.telegraph.co.uk