Mark Zuckerberg’s Facebook page was hacked by a Palestinian programmer keen to highlight to the company the flaw he had found in their code.
The exploit allowed Khalil Shreateh to post on Zuckerberg’s wall (see below) even though he was not authorised to do so. Shreateh posted his message after he tried to alert Facebook about the flaw but was told that it was “not a bug”.
“Dear Mark Zuckerberg,” read Shreateh's message. “First sorry for breaking your privacy and post [sic] to your wall, I has no other choice to make after all the reports I sent to Facebook team.”
The reports sent by Shreateh were to Facebook’s a Whitehat program; a bounty scheme that offers rewards to programmers that flag up potential security bugs.
The minimum reward for a successful report is $500 and Facebook states that “there is no maximum reward: each bug is awarded a bounty based on its severity and creativity”. The company claims to have paid out more than $1 million so far.
Minutes after posting on Zuckerberg’s page Shreateh was contacted by Facebook’s security engineers and his account temporarily suspended. Facebook refused to pay Shreateh for flagging up the flaw as by posting on Zuckerberg’s page he had violated the company’s Terms of Service.
Facebook engineer Matt Jones made a public statement, noting that his team “fixed this bug on Thursday.” Jones noted that the Facebook team receives hundreds of reports each day, many of which are “nonsense or misguided”. He did admit however that they “should have pushed back asking for more details here”.