Mark Zuckerberg’s Facebook timeline HACKED
A Palestine developer and hacker, Khalil Shreateh, managed hack and write on Zuckerberg’s private timeline, even though they were not Facebook friends. He discovered a way to bypass Facebook’s privacy settings and post on anyone’s timeline.
[info]Khalil Shreateh, an IT security researcher, had contacted Facebook twice to report the malfunction in Facebook’s security system, but the company failed to recognize the vulnerability in his report. [/info]
Before reporting the bug, Shreateh successfully tested it by posting on the wall of Sarah Goodin, Zuckerberg’s former college classmate.
He included a link to this post in the email:
Shreateh has made a video explaining his misadventure and shared it online, where it has already been viewed over 140,000 times. Facebook pays a minimum $500 reward for any security flaws that a hacker finds but Shreateh won’t be rewarded for his finding, because he violated the disclosure policy.
[blockquote cite=”Matt Jones, Facebook”]
The more important issue here is with how the bug was demonstrated using the accounts of real people without their permission. Exploiting bugs to impact real users is not acceptable behavior for a white hat. We allow researchers to create test accounts here to help facilitate responsible research and testing. In this case, the researcher used the bug he discovered to post on the timelines of multiple users without their consent.