
A guy spammed Mark Zuckerberg’s wall because Facebook ignored his bug report


You often hear stories about how a hacker breaks into a business’s website, then the company ends up hiring said hacker as some sort of consultant to prevent future attacks. For some reason, we doubt Facebook is going to take on Khalil Shreateh, an IT researcher from Palestine, after he hacked into Mark Zuckerberg’s wall to prove his security bug report.

Let’s be fair, we’re sure Shreateh had good intentions. Earlier this month, the researcher discovered a bug that allowed him to post on any user’s Facebook wall regardless of privacy settings. He even tested the vulnerability on Sarah Goodin – one of Zuckerberg’s Harvard friends. After he reported the bug to Facebook, the company’s security engineer, identified as Emrakul, did little to help, replying only in one-sentence responses. “I dont see anything when I click link except an error,” read one email. “I am sorry this is not a bug.”


Frustrated, Shreateh felt he had no choice but to prove his point on the Zuck’s wall, hoping that by reporting to the CEO directly, someone would address the security flaw. “First sorry for breaking your privacy and post to your wall , i has no other choice to make after all the reports i sent to Facebook team,” Shreateh wrote, before providing descriptions and links to the issue. As if the matter wasn’t comical enough, Shreateh’s profile photo is a picture of Edward Snowden.

Shortly after the post, another Facebook engineer named Ola Okelola contacted Shreateh for more details. As a result, Shreateh’s Facebook was temporarily disabled as a “precaution,” and Okelola explained to Shreateh that his report did not contain enough technical information for the team to take action. Facebook also said it cannot pay Shreateh a reward since he exploited the vulnerability, thus violating the site’s terms of service.

“We get hundreds of reports every day,” a Facebook engineer commented on Hacker News, noting that the bug had been fixed since last Thursday. “Exploiting bugs to impact real users is not acceptable behavior for a white hat [report].” The company does admit, however, that the first engineer should have followed up and asked Shreateh for more details – so it looks like the whole situation was just a case of two completely misguided IT men.
