Khalil Shreateh, a Palestinian developer and hacker, used the bug and posted a message on Mark Zuckerberg's wall explaining the flaw of the social networking forum that fails to restrict the people who are not in the user’s friends’ list from posting on their wall.

Shreateh has reportedly tried to bring the issue in the notice of the Facebook's security team on several occasions but failed in his attempt. He then posted something to Sarah Goodin's wall, a friend of Zuckerberg but was again not taken seriously.

Shreateh then took the daring step and posted the bug on Zuckerberg's wall. He was immediately contacted by the Facebook security engineer and was asked about the details.

Facebook has a bounty program where it pays people to report bugs instead of using them maliciously but it did not pay the USD US500+ fee amount to Shreateh. The social forum clarified that the bounty was denied to Shreateh because he did not include enough technical info when he tried to report the bug.
According to the company’s norms, by posting on the CEO’s wall, Shreateh has violated Facebook's responsible disclosure policy — which prohibits people who discover bugs to take advantage of them and demonstrate the bugs on people's accounts without their permission.

Meanwhile, Facebook’s security engineers claimed to have resolved the bug problem.


Latest News from India News Desk