Word of advice — if you’re going to ignore a threat to your own company, you may not want to put yourself in a position where you can easily be called out. That’s the current issue Mark Zuckerberg is facing after Facebook ignored a security bug recently.
As most Facebook users may know, Mark Zuckerberg has opened his Facebook up for followers, and now he may be regretting that after a Facebook user outlined, on his timeline, the history of a bug that Facebook had ignored.
IT expert Khalil Shreateh has discovered a vulnerability that allows anyone to post a link to someone’s Facebook wall, even if they aren’t friends with said Facebooker. Shreateh claims to have reported the bug, but the claim has gone virtually ignored by Facebook, so he decided to take matters into his own hands.
In a blog post, Shreateh outlined the timeline, testing his theory on Sarah Goodin, who is a friend of CEO Mark Zuckerberg. She is also the first woman to sign up for the service. This was before he reported the bug through Facebook’s whitehat disclosure service for security researchers, which also pays researchers rewards of upwards of $500 for finding bugs.
When Shreateh reported the bug, a Facebook security engineer dismissed the report, saying, “I am sorry this is not a bug,” and did not ask for further details of Shreateh’s findings.
Not to be deterred, Shreateh decided to let Mark Zuckerberg in on the bug by documenting everything on the CEO’s timeline. Moments later his posting got the attention of Facebook security engineer Ola Okelola, who contacted Shreateh requesting more information on the bug. At the time Facebook disabled Shreateh’s account, but it has now been reinstated.
Facebook claims his initial report “did not have enough technical information” for the company to follow up on it. So since Shreateh finally got Facebook’s attention, he must have received some compensation, right? Looks like that’s not the case. In an e-mail to Shreateh, a Facebook security engineer said the company is “not able to pay you for this vulnerability because your actions violated our Terms of Service.”
According to Hacker News, the bug was fixed on Thursday.
Do you think the details that transpired should concern Facebook users about a potential security breach?