Facebook has one simple rule: you need to be someone’s Facebook friend to be able to post to their wall. However, back in 2013, security researcher Khalil Shreateh discovered a bug that allowed a hacker to post anything on anyone’s wall without becoming their friend.
Khalil had made countless attempts to report the bug to Facebook, but the only response he ever got was that ‘it was not a bug at all’. He finally chose to post to the wall of the founder himself to make the company recognize the issue. Unfortunately, Facebook did not like the way he did it.
Many companies offer unbelievable rewards for reporting security bugs and breaches, but definitely not when you do not comply with the reporting rules. That is what happened to Khalil, who expected a reward after exploiting the bug on Mark’s timeline just to inform the company about it.
Khalil first tried to report the bug by posting on the wall of Sarah Goodin, who was Mark’s college friend. The Facebook security team member who handled the query was not friends with Goodin. He had no access to the link, even though security staff are generally able to override the privacy settings to see anything on the website. When the security team responded by saying, “I am sorry, this is not a bug,” Khalil resorted to posting on Zuckerberg’s timeline himself.
Facebook pays security researchers a minimum of $500 for reporting a security bug, and the amount can go as high as possible, depending on how severe the bug is. The only condition is reporting responsibly, which Khalil failed to do. Having been jobless for over two years, Khalil had been very hopeful of getting the reward, as he needed the money desperately. However, he ended up disappointed, and one major reason was the security team’s inability to understand the bug.
Watch the video to see Khalil explain the problems associated with posting on other people’s walls without permission.