researcher from Palestine, first reported the bug to Facebook, which pays people to report such things rather than sell them on the black market. But, instead of fixing the bug and paying the researcher the $500+ fee,
Facebook told him "this was not a bug," according to an email that Shreateh shared. When he tried a second time to warn the company and was rebuffed, Shreateh posted on the Wall of Sarah Goodin - a friend of
Facebook CEO Zuckerberg. That got their attention REALLY fast. The message said, "Sorry for breaking your privacy ... but a couple of days ago, I found a serious Facebook exploit" that the social network wasn't taking seriously. Within minutes, a Facebook security engineer took it seriously, contacting Shreateh (and his
Edward Snowden avatar) and asking for details on how he did it. Zuckerberg Hacked Matt Jones from Facebook's security team said after the fact that once the team understood the bug they acted quickly, "We fixed this bug on Thursday." They also temporarily suspended Shreateh's account and said they wouldn't pay
him the fee because, by posting to Zuck's account, he violated the terms of service. The Facebook team asked for his help finding future bugs, however. Natch. Commenters online are split on the matter. Facebook says that Shreateh didn't include enough info when reporting it ... as in how to actually do it and fix it. On the other hand, he wouldn't have hacked Zuck's account if the security team had asked him for more details the first two times he tried to report it. What do you think? Should the hacker be paid the bounty?
No comments:
Post a Comment