Skip to main content

A guy spammed Mark Zuckerberg’s wall because Facebook ignored his bug report

a guy spammed mark zuckerbergs wall because facebook ignored his bug report zuckerberg hack
Image used with permission by copyright holder

You often hear stories about how a hacker breaks into a business’s website, then the company ends up hiring said hacker as some sort of consultant to prevent future attacks. For some reason, we doubt Facebook is going to take on Khalil Shreateh, an IT researcher from Palestine, after he hacked into Mark Zuckerberg’s wall to prove his security bug report.

Let’s be fair, we’re sure Shreateh had good intentions. Earlier this month, the researcher discovered a bug that allowed him to post on any user’s Facebook wall regardless of privacy settings. He even tested the vulnerability on Sarah Goodin – one of Zuckerberg’s Harvard friends. After reporting the bug to Facebook, the company’s security engineer identified as Emrakul did little to help, only replying in one sentence responses. “I dont see anything when I click link except an error,” wrote one email. “I am sorry this is not a bug.”

Recommended Videos

Frustrated, Shreateh felt he had to choice but to prove his point on the Zuck’s wall, hoping that by reporting to the CEO directly, someone will address the security flaw. “First sorry for breaking your privacy and post to your wall , i has no other choice to make after all the reports i sent to Facebook team,” Shreateh wrote, before providing descriptions and links to the issue. As if the matter wasn’t comical enough, Shreateh’s profile photo is a picture of Edward Snowden. 

Shortly after the post, another Facebook engineer named Ola Okelola contacted Shreateh for more details. As a result, Shreateh’s Facebook was temporarily disabled as a “precaution,” and Okelola explained to Shreateh that his report did not contain enough technical information for the team to take action. Facebook also said it cannot pay Shreateh a reward since he exploited the vulnerability, thus violating the site’s terms of service.

“We get hundreds of reports every day,” a Facebook engineer commented on Hacker News, noting that the bug had been fixed since last Thursday. “Exploiting bugs to impact real users is not acceptable behavior for a white hat [report].” The company does admit, however, that the first engineer should have followed up and asked Shreateh for more details – so it looks like the whole situation was just a case of two completely misguided IT men.

Natt Garun
Former Digital Trends Contributor
An avid gadgets and Internet culture enthusiast, Natt Garun spends her days bringing you the funniest, coolest, and strangest…
Here’s how to delete your YouTube account on any device
How to delete your YouTube account

Wanting to get out of the YouTube business? If you want to delete your YouTube account, all you need to do is go to your YouTube Studio page, go to the Advanced Settings, and follow the section that will guide you to permanently delete your account. If you need help with these steps, or want to do so on a platform that isn't your computer, you can follow the steps below.

Note that the following steps will delete your YouTube channel, not your associated Google account.

Read more
How to download Instagram photos for free
Instagram app running on the Samsung Galaxy Z Flip 5.

Instagram is amazing, and many of us use it as a record of our lives — uploading the best bits of our trips, adventures, and notable moments. But sometimes you can lose the original files of those moments, leaving the Instagram copy as the only available one . While you may be happy to leave it up there, it's a lot more convenient to have another version of it downloaded onto your phone or computer. While downloading directly from Instagram can be tricky, there are ways around it. Here are a few easy ways to download Instagram photos.

Read more
How to get verified on Instagram Threads
A verified account on Instagram Threads.

Like Twitter and Instagram, Instagram Threads allows users to become verified to confirm their identities and access some exclusive features. Similar to Twitter's verification process, you'll need to pay a monthly fee to be verified on Threads, so keep that price in mind as you get your verified Threads account set up.

So, without further ado, here's how to get verified on Instagram Threads in a few straightforward steps.

Read more