Hacked: Khalil Shreateh the above comment on Mark Zuckerberg's wall. Photo: Khalil Shreateh blog
An unemployed Palestinian developer named Khalil Shreateh tried several times to report a bug to Facebook's security team. When no one got back to him, he took the (dubiously) logical next step: exploited the bug to leave a public comment on Facebook CEO Mark Zuckerberg's wall.
''First sorry for breaking your privacy and post to your wall,'' an apparent screenshot of the hack reads. ''I has [sic] no other choice to make after all the reports i sent to Facebook team.''
But it's not exactly newsworthy that Shreateh found a bug. In fact, Facebook runs a program that encourages white-hat hackers to find and report bugs in Facebook infrastructure in exchange for a cash reward. What is unusual is that Facebook didn't respond to Shreateh's initial reports about the bug, and that Shreateh then exploited it in violation of Facebook's policies for white-hat hackers.
Khalel Shreateh: Took matters into his own hands. Photo: AP
''The more important issue here is with how the bug was demonstrated using the accounts of real people without their permission,'' Matt Jones, a Facebook software engineer said. So why didn't Facebook respond right away to Shreateh's reports? It seems his bug was lost - literally - in translation. Shreateh's English is a little shaky, and the Facebook developer he corresponded with doesn't seem to understand the report:
''Rhe vulnerability allow's facebook users to share posts to non friends facebook users , i made a post to sarah.goodin timeline and i got success post . . . of course you may cant see the link because sarah's timeline friends posts shares only with her friends , you need to be a friend of her to see that post or you can use your own authority .''
''I am sorry this is not a bug,'' a Facebook employee reportedly fired back.