A Palestinian security researcher posted a message on Facebook CEO Mark Zuckerberg’s page last week after, he says, the site’s security team didn’t take his warnings of a security flaw seriously, CNN reports.
“First, sorry for breaking your privacy and post(ing) to your wall,” wrote Khalil Shreateh, a self-described unemployed security researcher with a degree in information systems. “I (have) no other choice to make after all the reports I sent to (the) Facebook team.”
Shreateh says he found a hole in Facebook’s systems that lets him post to any user’s page, including users not on his Friends list, which could be a virtual gold mine for spammers, scam artists and others seeking to exploit the site’s roughly 1 billion users worldwide, CNN reports.
Facebook says the flaw was fixed on Thursday, but the episode made headlines on tech blogs over the weekend. On the Hacker News website, Facebook security team member Matt Jones wrote that the language barrier with non-native English speaker Shreateh and the volume of reports the site receives were partly to blame for the site’s slow response.
Because he violated Facebook’s terms of service by hacking the pages of other users, Shreateh is not eligible to receive a reward under the site’s White Hat program designed to find and fix bugs. According to Jones, Facebook has paid out more than $1 million to hundreds of reporters.