Facebook Inc (FB)’s Mark Zuckerberg Timeline Breached By Hacker


A Palestinian hacker breaks into Facebook Inc (NASDAQ:FB) founder Mark Zuckerberg’s Timeline to report a bug which, according to the hacker, the social network failed to recognize.

Khalil Shreateh, a Palestinian developer, discovered a loophole in Facebook’s privacy settings that allows users to post on anyone’s timeline, regardless of whether that person is on the poster’s friends list.

Hacker did warn Facebook before

According to Shreateh’s blog post, he initially reported the bug via email to Facebook Inc (NASDAQ:FB)’s white hat disclosure program, but the company failed to recognize the vulnerability. So, to prove his point, Shreateh took a roundabout route and reported the vulnerability on Zuckerberg’s Timeline, taking advantage of the same bug he had discovered.

Before posting on Zuckerberg’s Timeline, Shreateh successfully tested the vulnerability by posting on the wall of Sarah Goodin, a former college classmate of Zuckerberg. A link to that post was included in the email sent to Facebook, but the security employee who handles such cases was unable to see the post because Goodin was not on his friends list.

Shreateh then sent a warning email saying that he could post on Zuckerberg’s wall, but that he wouldn’t do so as he respects people’s privacy. He received no reply. After this, he sent another official report detailing the bug, and this time he allegedly got an answer from the security team saying “I am sorry this is not a bug.” Shreateh replied: “ok, that mean [sic] I have no choice other than report this to Mark himself on Facebook.”

Shreateh won’t be rewarded

Posting on Zuckerberg’s wall did help, and the flaw was fixed shortly after Shreateh posted on Zuckerberg’s page on Thursday. The whole saga does raise questions as to why Facebook Inc (NASDAQ:FB) completely ignored the White Hat hacker’s alerts.

In its defense, a post from a Facebook Inc (NASDAQ:FB) security team member said that Shreateh’s limited English skills and lack of complete information on the bug were the reasons why the security team did not immediately respond. Also, because of Facebook’s Bug Bounty program, the company receives hundreds of bug reports daily, which further resulted in a delay.

However, the good thing is that Facebook Inc (NASDAQ:FB) admitted its failure to follow up on the emails from Shreateh. “We should have pushed back asking for more details here,” Facebook software engineer Matt Jones wrote on Hacker News.

The bad news is that Shreateh won’t be rewarded for his efforts, as he violated the disclosure policy in the whole process.

Aman is MBA (Finance) with an experience on both Marketing and Finance side. He has worked as a Risk Analyst for AIR Worldwide, and is currently leading VeRa FinServ, a Financial Research firm. Favorite pastimes include watching science fiction movies, reviewing tech gadgets, playing PC games and cricket. - Email him at amanjain@valuewalk.com