FOUNDER'S FACEBOOK PAGE BROKEN INTO BY HACKER WHO WARNED THEM ABOUT THEIR SECURITY

A screenshot of hacker Khalil Shreateh's post on Facebook founder Mark Zuckerberg's private Facebook page.
Mark Zuckerberg had his Facebook page broken into because the tech company's own security team ignored a benevolent hacker.
Writing in broken English, Palestinian hacker Khalil Shreateh twice contacted Facebook's security team to tell them about the bug, which allowed him to post on a user's timeline even if they weren't accepted friends.

In theory, Shreateh should have been blocked from posting through one of Facebook's highly touted new security features that gives users the ability to filter who can post messages on their timelines.

Shreateh found a way around Facebook's defenses but the company's security team said that his method was "not a bug" according to the hacker's blog post, as reported by tech blog Gizmodo.

Frustrated by the lack of response, Shreateh showed the power of his find by posting on Facebook founder Mark Zuckerberg's timeline.

"Dear Mark Zuckerberg," Shreateh's post began, "First sorry for breaking your privacy and post to your wall, I has no other choice to make after all the reports i sent to Facebook team."

Shreateh then went on to explain his two failed attempts to work with Facebook's white hat security team — who pay hackers a minimum of $500 to find problems with the social network's site.

"i appreciate your time reading this and getting some one from your company team to contact me," Shreateh wrote to end his message to Zuckerberg.

Someone from Facebook did get in contact with Shreateh but the hacker didn't get the $500 reward the company promises to hackers.

Instead, Facebook temporarily shut down Shreateh's Facebook page "as a precaution" and told the hacker that his previous messages did not contain enough technical information to prove that he had indeed hacked the site.

Adding insult to injury, Facebook's security team told Shreate: "We are unfortunately not able to pay you for this vulnerability because your actions violated our Terms of Service. We do hope, however, that you continue to work with us to find vulnerabilities in the site."

No comments:

Post a Comment

Subscribe via email

Subscribe to our mailing list

* indicates required

YOU MIGHT ALSO LIKE

Related Posts Plugin for WordPress, Blogger...