Skip to main content

A guy spammed Mark Zuckerberg’s wall because Facebook ignored his bug report

a guy spammed mark zuckerbergs wall because facebook ignored his bug report zuckerberg hack
Image used with permission by copyright holder

You often hear stories about how a hacker breaks into a business’s website, then the company ends up hiring said hacker as some sort of consultant to prevent future attacks. For some reason, we doubt Facebook is going to take on Khalil Shreateh, an IT researcher from Palestine, after he hacked into Mark Zuckerberg’s wall to prove his security bug report.

Let’s be fair, we’re sure Shreateh had good intentions. Earlier this month, the researcher discovered a bug that allowed him to post on any user’s Facebook wall regardless of privacy settings. He even tested the vulnerability on Sarah Goodin – one of Zuckerberg’s Harvard friends. After reporting the bug to Facebook, the company’s security engineer identified as Emrakul did little to help, only replying in one sentence responses. “I dont see anything when I click link except an error,” wrote one email. “I am sorry this is not a bug.”

Frustrated, Shreateh felt he had to choice but to prove his point on the Zuck’s wall, hoping that by reporting to the CEO directly, someone will address the security flaw. “First sorry for breaking your privacy and post to your wall , i has no other choice to make after all the reports i sent to Facebook team,” Shreateh wrote, before providing descriptions and links to the issue. As if the matter wasn’t comical enough, Shreateh’s profile photo is a picture of Edward Snowden. 

Shortly after the post, another Facebook engineer named Ola Okelola contacted Shreateh for more details. As a result, Shreateh’s Facebook was temporarily disabled as a “precaution,” and Okelola explained to Shreateh that his report did not contain enough technical information for the team to take action. Facebook also said it cannot pay Shreateh a reward since he exploited the vulnerability, thus violating the site’s terms of service.

“We get hundreds of reports every day,” a Facebook engineer commented on Hacker News, noting that the bug had been fixed since last Thursday. “Exploiting bugs to impact real users is not acceptable behavior for a white hat [report].” The company does admit, however, that the first engineer should have followed up and asked Shreateh for more details – so it looks like the whole situation was just a case of two completely misguided IT men.

Editors' Recommendations

Natt Garun
Former Digital Trends Contributor
An avid gadgets and Internet culture enthusiast, Natt Garun spends her days bringing you the funniest, coolest, and strangest…
A Facebook, Instagram bug exposed millions of passwords to its employees
Crisis Response Hub

Facebook software meant to disguise user passwords from employee access failed, leaving millions of passwords visible to the network's employees,  the company said on Thursday, March 21. The network said the bug was discovered in a routine review in January and has since been corrected. The bug exposed passwords for users on Facebook, Facebook Lite, and Instagram.

Facebook hasn’t found any evidence that the passwords were compromised externally -- the bug only exposed plain text passwords for the company’s employees, according to Facebook. The company also said they haven’t found evidence of internal employees abusing the information. Facebook didn’t say why it delayed telling users after finding the bug in January.

Read more
X now offers audio and video calls, but it’s easy to turn off
The new X sign replacing the Twitter logo on the company's headquarters in San Francisco.

A couple of months after landing the CEO job at X (formerly Twitter) in May, Linda Yaccarino said: “X will be the platform that can deliver, well ... everything.”

Part of that includes audio and video calls, which the company has just started to roll out for users globally.

Read more
How to delete or deactivate your Facebook account
Google Pixel Fold in Obsidian with Facebook filled screen after rotating.

Maybe you just need to take a break from using Facebook. Or maybe you haven't used your Facebook account in awhile and don't plan to in the future. Whatever your reasons, you should know that you have two clear options when it comes to doing away with Facebook.

If you just need a break and will likely need your account in the future, you can deactivate your Facebook account. If you've moved on to greener social media pastures or just don't need your account anymore, you can delete your Facebook account too.

Read more