There are, quite literally, dozens of organizations and entities that have long held reservations about Facebook and its security, and now it’s clear that even the company’s CEO isn’t completely safe.
Yesterday, a Palestinian hacker by the name of Khalil Shreateh found a vulnerability in the social network’s code and capitalized on it by writing a post on Mark Zuckerberg’s wall, disguised as Mark Zuckerberg.
The hacker had earlier reported the bug to the Facebook authorities twice, but after he got a reply telling him, “I’m sorry this is not a bug”, he lost patience and decided to show the world that it was.
Khalil had discovered that with some kind of trick anyone could post onto anyone’s wall, even if the owner of the target wall isn’t on the user’s friend list.
Here’s the post from Khalil detailing the complete information on the bug and incidents revolving around it.
According to Facebook regulations, hackers who inform the company about existing bugs are awarded at least $500 apiece, with no cap on the maximum reward.
Not in this case. Facebook declined to reward him for finding such a huge error and instead deactivated his Facebook account, simply because the hacker had violated the site’s rules and regulations against intruding on someone else’s timeline. Eventually, they did activate his account, but not without hitches.
As far as the relationship between developers and Facebook goes, it wouldn’t be fair to blame the latter entirely for what happened in this case, as they’ve already paid out around $1 million to developers over the past couple of years just for reporting bugs. What happened here won’t do any good to its botched image, though.