Calling the company’s decision unwarranted, several hackers across the globe said that the networking giant had unfairly denied Khalil Shreateh, a Palestinian, a payment under its "Bug Bounty" program. The program pays at least USD 500 to an individual who brings software bugs to the company's attention.

Marc Maiffret, chief technology officer of cybersecurity firm BeyondTrust, said that he is mobilizing fellow hackers to raise a USD 10,000 reward for Shreateh. Maiffret, a high school dropout and self-taught hacker, said on Tuesday that he has raised about USD 9,000 so far, including the USD 2,000 he initially contributed.

"He is sitting there in Palestine doing this research on a five-year-old laptop that looks like it is half broken," Maiffret said. "It's something that might help him out in a big way."

Khalil Shreateh discovered and reported the software flaw but was initially dismissed by the company's security team. He then posted a message on the wall of the company's billionaire CEO to prove the bug's existence.

Shreateh had tried on several occasions to bring the software issue to the notice of Facebook’s security team, but failed. He then posted something to the wall of Sarah Goodin, a friend of Zuckerberg, but was still not taken seriously. Shreateh then took the daring step of hijacking the CEO’s wall. The flaw he uncovered on the company's website allowed members to post messages on the wall of any other user, including Zuckerberg's.

"Sorry for breaking your privacy," Shreateh said in the post on Zuckerberg’s wall.

The bug was quickly fixed and Facebook issued an apology on Monday for having been "too hasty and dismissive" with Shreateh's report. But it has not paid him a bounty.

"We will not change our practice of refusing to pay rewards to researchers who have tested vulnerabilities against real users," Chief Security Officer Joe Sullivan said in a blog post. He said Facebook has paid out more than USD 1 million under that program to researchers who followed its rules.

Facebook has a bounty program under which it pays people to report bugs instead of using them maliciously. According to the company, by posting on the CEO’s wall Shreateh violated Facebook's responsible disclosure policy, which prohibits people who discover bugs from taking advantage of them or demonstrating them on people's accounts without their permission. The company further clarified that the bounty was denied to him because he did not include enough technical info when he tried to report the bug.

