Palestinian programmer Khalil Shreateh managed to write and share links on Zuckerberg’s private timeline, even though they were not Facebook friends.
After discovering a privacy bug on Facebook, unemployed Palestinian programmer Khalil Shreateh said he just wanted to collect the traditional $500 bounty the social network giant offers to those who voluntarily expose its glitches.
But when Facebook ignored his first two reports, Shreateh took his message to the top — and hacked into CEO Mark Zuckerberg’s personal page to prove his point.
“Sorry for breaking your privacy,” he wrote the Facebook founder, “I has no other choice to make after all the reports I sent to Facebook team … as you can see iam not in your friend list and yet i can post to your timeline.”
The stunt cost the 30-year-old Palestinian the bounty, but earned him praise — and numerous job offers — for being able to get to the boss of the world’s most ubiquitous social network.
Shreateh, who lives near the West Bank city of Hebron and has been unable to find a job since graduating two years ago with a degree in information technology, told Facebook that he found a way that allowed anyone to post on anyone else’s wall. “I told them that you have a vulnerability and you need to close it,” he told The Associated Press. “I wasn’t looking to be famous. I just wanted to make a point to Mark (Zuckerberg).”
In a message posted to the Hacker News, a user-driven security news site, Facebook software engineer Matthew Jones said the initial report was poorly worded, although he acknowledged that the Menlo Park company should have pressed for more information.
Jones added that the bug was fixed Thursday. Facebook declined to comment beyond the post.
Security Compass VP Rohit Sethi discusses Facebook Founder and CEO Mark Zuckerberg’s timeline being hacked as well as the Facebook bug bounty program. He speaks with Emily Chang on Bloomberg Television’s “Bloomberg West.” ( Source: Bloomberg)