Turns out, hacking Mark Zuckerberg’s Facebook page is a great idea.
Khalil Shreateh, the Palestinian security researcher who made headlines earlier this week after posting a message to Zuckerberg’s Timeline to prove that he had discovered a flaw in Facebook’s security settings, will receive more than $11,000 for his efforts. But the money is not coming from Facebook. Instead, Shreateh can thank a crowdfunding campaign launched by a fellow member of the security community for his payday.
The campaign was started on Monday by BeyondTrust CTO Marc Maiffret, who contributed the first $3,000 towards the $10,000 campaign goal. According to ZDNet, another $3,000 came from Firas Bushnaq, founder of eEye Digital Security, a BeyondTrust subsidiary. At the time of this writing, the campaign has raised $11,335 (and counting) from more than 200 donors.
“All proceeds raised from this fund will be sent to Khalil Shreateh to help support future security research,” writes Maiffret in a note on the campaign page.
Shreateh had previously reported the vulnerability to Facebook’s engineers, as part of the company’s bug bounty program, which awards those who discover bugs a minimum of $500 for their discoveries. But the company ignored Shreateh’s bug report. In the message posted to Zuckerberg’s Facebook page, Shreateh said he had “no other choice” but to demonstrate the vulnerability in a public fashion.
Facebook later said it would investigate the bug, which lets anyone post on any Facebook user’s page, regardless of privacy settings – a flaw that could allow spammers to wreak havoc on the social network. Rather than pay Shreateh for bringing it to their attention, however, the company temporarily shut down Shreateh’s Facebook page, and said he was ineligible for a bug bounty because he violated the social network’s terms of service.
We’ve reached out to Shreateh for a response to the community’s generosity, and will update this post with any response we receive. Update: Shreateh tells Digital Trends, “I would thank Marc and all those who donate to make this world a better and more secure.”