Facebook’s White Hat program has awarded over $1 million to computer experts around the world for finding and reporting security flaws on the site. However, they ignored the reports of a Palestinian IT researcher last week, and he took an audacious step to get their attention.
The researcher, Khalil Shreateh, found a hack that allowed him to post on the walls of users with whom he wasn’t friends. This seemed like a major security breach to Shreateh, so he reported it to Facebook. However, the site responded by telling him that it wasn’t a bug. Instead of giving up, Shreateh took a bold step: he posted directly on the Facebook wall of Mark Zuckerberg to illustrate the error.
Within minutes, he says, he was contacted by a Facebook security official to fix the bug. However, he was not awarded money for his good deed because his actions violated the site’s Terms of Service. His profile was even temporarily suspended.
“We are unfortunately not able to pay you for this vulnerability because your actions violated our Terms of Service. We do hope, however, that you continue to work with us to find vulnerabilities in the site,” the company told Shreateh in an email.
Shreateh may have taken an extreme step to get Facebook’s attention, but there’s no arguing that he achieved a net positive result. It was certainly an unconventional way of reporting a problem, but he should’ve been rewarded for his efforts anyway.