Hacker Demonstrates Facebook Exploit On Mark Zuckerberg’s Wall

This article is over 11 years old and may contain outdated information
A Palestinian “white hat” hacker decided to make his point by posting on Mark Zuckerberg’s wall after Facebook ignored his warnings about a vulnerability in the system.

Khalil Shreateh, a technical sort of fellow from Yatta, Hebron, recently discovered a vulnerability in Facebook that allowed him to post to anyone’s wall, even if it was set to private. He reported the issue through Facebook’s “Whitehat” system, which offers a minimum reward of $500 for such discoveries, and included a link to a message he’d written on the wall of Sarah Goodin, a woman who attended the same college as Facebook founder Mark Zuckerberg.

Unfortunately, Facebook security told him that the link he provided resulted in an error, so he resubmitted, explaining why the error occurred and also stating that he might post a message on Zuckerberg’s wall to get his point across. After his second submission, Facebook said simply that what he was reporting was not a bug, so he did as he’d warned and posted a message detailing the exploit, along with his report to Facebook security (and its dismissive response), on Zuckerberg’s wall.

Very shortly after the message went up, Shreateh was contacted by a Facebook engineer seeking more information about the exploit; soon after that, his account was disabled. When he filed yet another report asking why, he was told it had been shut down “as a precaution.”

“When we discovered your activity we did not fully know what was happening. Unfortunately your report to our Whitehat system did not have enough technical information for us to take action on it,” a security engineer said in a message. “We cannot respond to reports which do not contain enough detail to allow us to reproduce an issue. When you submit reports in the future, we ask you to please include enough detail to repeat your actions.”

His account has since been re-enabled but sadly, despite clearly finding a bug, Shreateh won’t be getting any reward. “We are unfortunately not able to pay you for this vulnerability because your actions violated our Terms of Service,” Facebook told him. “We do hope, however, that you continue to work with us to find vulnerabilities in the site.”

Source: Khalil, via Gizmodo
