No reward for Zuckerberg FB page hack

2013-08-19 18:01

Multimedia   ·   User Galleries   ·   News in Pictures Send us your pictures  ·  Send us your stories

San Francisco - A researcher who hacked into Facebook chief Mark Zuckerberg's profile to expose a security flaw won't get the customary reward payment from the social network.

While Facebook offers rewards for those who find security holes, it seems that Palestinian researcher Khalil Shreateh went too far by posting the information on Zuckerberg's own profile page.

Shreateh said on his blog he found a way for Facebook users to circumvent security and modify a user's timeline.

He said he took the unusual step of hacking into Zuckerberg's profile after being ignored by the Facebook security team.

"So [I] did post to Mark Zuckerberg's timeline , as those pictures shows," he said, including screen shots of the posting.

"Dear Mark Zuckerberg," he wrote."First sorry for breaking your privacy and post to your wall, [I] had no other choice to make after all the reports [I} sent to Facebook team. My name is KHALIL from Palestine."

His reward for exposing the flaw was having his Facebook account disabled.

He later got a message saying, "We are unfortunately not able to pay you for this vulnerability because your actions violated our Terms of Service. We do hope, however, that you continue to work with us to find vulnerabilities in the site."

Facebook said it appreciates help with security but not by hacking into user accounts.

Facebook security engineer Matt Jones posted a comment on Sunday on a security forum saying "we fixed this bug on Thursday," and admitted that "we should have asked for additional... instructions after his initial report."

Some sympathy

"We get hundreds of reports every day," Jones said. "We have paid out over $1 million to hundreds of reporters. However, many of the reports we get are nonsense or misguided."

Jones added that "the more important issue here is with how the bug was demonstrated using the accounts of real people without their permission."

"We welcome and will pay out for future reports from him [and anyone else!] if they're found and demonstrated within these guidelines," Jones said on the YCombinator hacker news forum.

Independent security researcher Graham Cluley said he had "some sympathy" with Facebook on the issue.

"Although he was frustrated by the response from Facebook's security team, Shreateh did the wrong thing by using the flaw to post a message on Mark Zuckerberg's wall," Cluley said on his blog.

Read more on:    facebook  |  mark zuckerberg  |  us  |  palestine  |  internet security

Join the conversation!

24.com encourages commentary submitted via MyNews24. Contributions of 200 words or more will be considered for publication.

We reserve editorial discretion to decide what will be published.
Read our comments policy for guidelines on contributions.
NEXT ON NEWS24X

24.com publishes all comments posted on articles provided that they adhere to our Comments Policy. Should you wish to report a comment for editorial review, please do so by clicking the 'Report Comment' button to the right of each comment.

Comment on this story
19 comments
Comments have been closed for this article.

Inside News24

 
/News

Book flights

Compare, Book, Fly

Traffic Alerts
There are new stories on the homepage. Click here to see them.
 
English
Afrikaans
isiZulu

Hello 

Create Profile

Creating your profile will enable you to submit photos and stories to get published on News24.


Please provide a username for your profile page:

This username must be unique, cannot be edited and will be used in the URL to your profile page across the entire 24.com network.

Settings

Location Settings

News24 allows you to edit the display of certain components based on a location. If you wish to personalise the page based on your preferences, please select a location for each component and click "Submit" in order for the changes to take affect.




Facebook Sign-In

Hi News addict,

Join the News24 Community to be involved in breaking the news.

Log in with Facebook to comment and personalise news, weather and listings.