August 19, 2013

No reward for hacking Zuckerberg Facebook page

Mark Zuckerberg speaks during an event at Facebook headquarters in Menlo Park, California on on April 4, 2013
Facebook CEO Mark Zuckerberg speaks during an event at Facebook headquarters in Menlo Park, California on on April 4, 2013. A researcher who hacked into Facebook chief Mark Zuckerberg's profile to expose a security flaw won't get the customary reward payment from the social network.

A researcher who hacked into Facebook chief Mark Zuckerberg's profile to expose a security flaw won't get the customary reward payment from the social network.

While Facebook offers rewards for those who find security holes, it seems that Palestinian researcher Khalil Shreateh went too far by posting the information on Zuckerberg's own profile page.

Shreateh said on his blog he found a way for Facebook users to circumvent security and modify a user's timeline.

He said he took the unusual step of hacking into Zuckerberg's profile after being ignored by the Facebook security team.

"So i did post to Mark Zuckerberg's timeline , as those pictures shows," he said, including screen shots of the posting.

"Dear Mark Zuckerberg," he wrote."First sorry for breaking your privacy and post to your wall, i had no other choice to make after all the reports i sent to Facebook team. My name is KHALIL from Palestine."

His reward for exposing the flaw was having his Facebook account disabled.

He later got a message saying, "We are unfortunately not able to pay you for this because your actions violated our Terms of Service. We do hope, however, that you continue to work with us to find vulnerabilities in the site."

Facebook said it appreciates help with security but not by hacking into .

Facebook Matt Jones posted a comment Sunday on a security forum saying "we fixed this bug on Thursday," and admitted that "we should have asked for additional... instructions after his initial report."

"We get hundreds of reports every day," Jones said. "We have paid out over $1 million to hundreds of reporters. However, many of the reports we get are nonsense or misguided."

Jones added that "the more important issue here is with how the bug was demonstrated using the accounts of without their permission."

"We welcome and will pay out for future reports from him (and anyone else!) if they're found and demonstrated within these guidelines," Jones said on the YCombinator hacker news forum.

Independent security researcher Graham Cluley said he had "some sympathy" with Facebook on the issue.

"Although he was frustrated by the response from Facebook's security team, Shreateh did the wrong thing by using the flaw to post a message on Mark Zuckerberg's wall," Cluley said on his blog.

© 2013 AFP

Citation: No reward for hacking Zuckerberg Facebook page (2013, August 19) retrieved 24 April 2024 from https://phys.org/news/2013-08-reward-hacking-zuckerberg-facebook-page.html
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.

Explore further

Facebook offers rewards to security bug hunters
0 shares

Feedback to editors

Relevant PhysicsForums posts

Flipped RGB colours in a TV

57 minutes ago

Fixing Linux kernel not found

Apr 16, 2024

Is an invisible LED mouse more accurate than one with a red LED?

Apr 15, 2024

AI In Actual Use

Apr 13, 2024

Does anyone make zero-flicker computer monitors?

Apr 13, 2024

Artificial Intelligence in Video

Apr 11, 2024

More from Computing and Technology

Load comments (1)