Zuckerberg’s Facebook Page Hacked by a Palestinian Web Developer
Shreateh Khalil, an unemployed web developer in Israel hacked the Facebook account of Mark Zuckerberg to show the company which did not take seriously his first warning that he discovered a security vulnerability.
Khalil discovered a “bug” that allowed him to post a public comment on other users’ pages. In order to demonstrate that the breach operation works, he posted on the “wall” page of Sarah Goodin, a close acquaintance of the founder of Facebook, Mark Zuckerberg.
Khalil contacted then the Facebook security team and provided them the evidence explaining on his blog how the bug can be exploited.
Facebook is implementing a program to reward users who report security breaches to avoid the information to reach the black market. But instead to pay the sum of $500 to the web developer, Facebook has denied that what he discovered was a bug in Facebook software.
Shreateh Khalil insisted and, afterwards, he even posted a public comment on Mark Zuckerberg’s wall apologizing for the extreme method chosen mentioning that Facebook’s security team did not believe him.
“First sorry for breaking your privacy and post to your wall,” the hack screenshot reads. “I has [sic] no other choice to make after all the reports i sent to Facebook team.”
Within minutes, a security engineer at Facebook contacted Khalil and asked for details. Company representatives announced Thursday that the security bug was fixed.
“I can talk hours and hours about facebook security team and their secure style, that may take them down by hackers, that mean iam [sic] not a bad hacker and i never been,” Khalil posted on his Facebook page last night.
Facebook has temporarily suspended Khalil’s account and said that it will not pay the reward because he violated Facebook terms of service. Social networking giant claims that the unemployed Palestinian web developer ought to include more technical details when reporting problems.
“The more important issue here is with how the bug was demonstrated using the accounts of real people without their permission. Exploiting bugs to impact real users is not acceptable behavior for a white hat,” said Matt Jones, a Facebook software engineer, on the forum Hacker News.
Khalil said the Facebook team asked him for help if he finds other security issues.