A Palestinian man hacked Facebook creator Mark Zuckerberg’s Facebook page to prove a vulnerability in the site he had tried to point out to Facebook’s tech team via email.
Facebook had repeatedly responded to his emails saying the bug he was pointing out did not exist.
Khalil Shreateh started out by showing he could post on someone’s timeline without being friends with the person on Facebook. He made a post on the timeline of Sarah Goodin, a friend of Zuckerberg’s. Goodin’s privacy setting only allows people she is friends with to view her timeline, yet Shreateh was able to post to it.
Shreateh documents his contact with the Facebook security team on his blog. He said he got a response from Emrakul at Facebook stating, “I am sorry this is not a bug.” The problem, said Shreateh, is that Emrakul was not friends with Goodin and thus could not see the post to which Shreateh was referring.
He decided the only way to prove his point was to hack right up to the top of the Facebook command chain—he posted on Zuckerberg’s timeline: “First sorry for breaking your privacy and post to your wall, I has no other choice to make after all the reports I sent to Facebook team.”
The post was removed and the bug fixed, reports Israel Today. Shreateh did not, however, get the minimum $500 bounty that Facebook usually pays out for finding glitches, reports TechCrunch, because people investigating glitches are supposed to use test accounts, not the accounts of actual Facebook users, to prove the glitches exist.
Also, reports TechCrunch, Facebook has said the messages it received from Shreateh “did not have enough technical information for us to take action on it.”