The guy who hacked Mark Zuckerberg’s wall just to disclose the existence of a Facebook vulnerability is now being given what he deserves: $12,058 in cash. What’s interesting is that Facebook isn’t the one providing the money. According to the company, Khalil Shreateh, who discovered the bug, didn’t follow its reporting procedure and even violated its terms of service. With Facebook refusing to pay the bounty, a crowdfunding campaign was started on GoFundMe.
The goal was originally $10,000, but the response was strong enough to reach $12,058 from 249 backers in two days. The Facebook vulnerability Khalil spotted apparently allowed a user to post on anyone’s timeline without being on that person’s friend list. After multiple reports with no positive reply from the company, Khalil took the extreme step of posting on founder Mark Zuckerberg’s wall, purely to bring the bug to the security team’s notice.
This incident recalls Die Hard 4, where someone finds a vulnerability in the US defense system, no one takes notice, and the discoverer ends up using it for his own benefit, resulting in a chaotic 129-minute movie. In short, things could have turned out pretty badly had someone with worse intentions found and exploited the bug first. On the bright side, the problem has been fixed, and Facebook has apologized both for its miscommunication with Khalil and for its negligence in handling his reports.
The $12,058 raised on GoFundMe is being sent to Khalil. In a note on Facebook Security, Chief Security Officer Joe Sullivan stated that the company will provide a clearer method of reporting bugs and will update the whitehat page with additional details on reporting vulnerabilities. Sullivan also stated that rewards won’t be given to researchers who have ‘tested vulnerabilities against real users.’