Facebook Security Risk Left Knocking on Zuckerberg’s Wall

Hey Mr. Zuckerberg, your Facebook is broken.

You wouldn’t think that someone would have to go directly to the creator of Facebook in order to get a security concern handled. Sadly, that is exactly what Khalil of Palestine was forced to do in order to be taken seriously.

Khalil discovered a serious exploit in Facebook that allowed the user to post on anyone’s wall regardless of friend status and security settings. Considering that Facebook seems regularly embroiled in security issues, you’d think they would have immediately taken action when contacted by Khalil.

He messaged the Facebook team through the normal means of reporting errors, bugs, and exploits, only to receive a message back that the link he included as proof didn’t work. Khalil then resent the fixed link and shortly thereafter received a message letting him know that it was “not a bug.”

Not only did Khalil attempt to bring the issue to the attention of the Facebook team, he also offered to show them how it was done. He asked them to create a dummy account just so he could specifically show them that the exploit was real. Obviously this never happened, because Khalil took the next step.

If the Facebook team won’t listen to you, then clearly it is time to talk to the Facebook founder. Khalil left a cordial message on Mr. Zuckerberg’s wall informing him of the attempts to get the exploit fixed. Minutes after the post went up, he received a message asking for all of the details surrounding the exploit.

The team disabled Khalil’s account while they investigated the account, reactivating it once the bug was dealt with. Reporting bugs comes with a minimum reward of $500 if it turns out to be a real issue. Khalil was, however, informed that he would not be receiving any reward for the bug.

Facebook is defending this decision by saying that Khalil had to violate the Facebook terms in order to make a post on Zuckerberg’s wall. Some on the internet have been voicing their disagreement with Facebook, considering the only reason he did it was to get the problem taken care of.