A hacker was having trouble getting Facebook to take his bug report seriously, so he sent them a message they couldn’t ignore.
A hacker was having trouble getting Facebook to take his bug report seriously—until he used the vulnerability he had found to post a message to CEO Mark Zuckerberg’s private timeline.
Last week, Khalil Shreateh warned Facebook he had found a bug that let him post messages on any user’s timeline, regardless of privacy settings. He had tested his trick out on the Facebook account of Sarah Goodin, a Harvard classmate of Mark Zuckerberg’s and the first woman to join Facebook, and he attached a screenshot as proof.
No response from Facebook. He sent the message again.
“I am sorry this is not a bug,” a rep finally wrote back.
But Shreateh was determined to show Facebook what he had found, and collect one of the monetary awards the company gives to “white hat” hackers who report serious vulnerabilities—so he posted his report on Zuckerberg’s wall.
Within minutes, he had a reply from a Facebook engineer asking for more information.
But, to Shreateh’s dismay, the reward was not forthcoming. Instead, Facebook shut down his account for violating the site’s terms of service.
He eventually convinced Facebook to restore his account, but he couldn’t talk the company into a White Hat payout, although Facebook engineers acknowledge he discovered the bug.
“Unfortunately your report to our Whitehat system did not have enough technical information for us to take action on it. We cannot respond to reports which do not contain enough detail to allow us to reproduce an issue. When you submit reports in the future, we ask you to please include enough detail to repeat your actions.
“We are unfortunately not able to pay you for this vulnerability because your actions violated our Terms of Service. We do hope, however, that you continue to work with us to find vulnerabilities in the site,” wrote the Facebook employee who restored Shreateh’s account.
The lesson here? It pays to fully document a vulnerability before you send in your report. It doesn’t pay to mess with Mark Zuckerberg’s privacy.
Jay Hathaway is a former senior writer who specialized in internet memes and weird online culture. He previously served as the Daily Dot’s news editor, was a staff writer at Gawker, and edited the classic websites Urlesque and Download Squad. His work has also appeared on nymag.com, suicidegirls.com, and the Morning News.