Mark Zuckerberg’s Facebook Page Hacked to Prove Security Hole
0 (0)

The Internet Patrol - Patrolling the Internet for You
Rate this post!
 

Palestinian security researcher Khalil Shreateh tried to warn Facebook – he really did. He did everything that he could think of to alert Facebook’s security and engineering folks to the fact that he had discovered a security flaw that allowed anyone to post to anybody else’s timeline, whether they were connected as friends or not. But they didn’t take him seriously (in fact they told him that it was not a security bug). So after all else failed, he posted a note on Mark Zuckerberg’s wall. And that did the trick.

“First, sorry for breaking your privacy and post to your wall,” began Shreateh’s message to Zuckerberg on Zuckerberg’s wall. Note that the import of this is that Shreateh and Zuckerberg are not ‘friends’ on Facebook, and yet Shreateh was able to publicly post this on Zuckerberg’s timeline. The security hole that allowed Shreateh to do this is exactly the security flaw that he’d been trying to bring to the attention of Facebook before taking this extreme measure.


Shreateh went on to explain in his message on Zuck’s wall, “I has no other choice to make after all the reports I sent to Facebook team.”

Being from Palestine, Shreateh is to be all the more commended for attempting, multiple times, in multiple ways, to bring this security hole to the attention of Facebook, all in a language with which he is not intimately familiar.

Such a security flaw – allowing anyone to post on anybody’s wall – would of course create a field day for spammers and scammers.

No Paywall Here!
The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money. That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something to help keep the Internet Patrol free?
Click for amount options
Other Amount:
What info did you find here today?:

 

But Facebook resisted and pooh-poohed all of his efforts to get them to take this flaw seriously.

His first effort was to post a video on the Facebook wall of a woman who was a friend of Zuckerberg’s, and then to send the link to that post to Facebook’s security team with an explanation of the security hole.

khalil-shreateh-facebook-security

 

 

They responded saying that the link was no good.

 

emrakul-facebook-security

 

Shreateh then suggested that maybe they couldn’t see it because they weren’t friends with the woman, and he sent them a screen capture of his video post to the woman’s Facebook timeline.

That was when the Facebook security team responded that the flaw he had discovered was not a bug. In fact their exact words were “I am sorry this is not a bug.”

 

Shreateh then responded “ok that mean I have no choice other than report this to mark himself on facebook.”

And that is exactly what he did.

 

mark-zuckerberg-account-hacked-by-khalil-shreateh

 

As news of this got out, Matt Jones, a Facebook Security team member stated that “Unfortunately, all he submitted was a link to the post he’d already made (on a real account whose consent he did not have).”

Seems to us that should have been more than enough for the security team to look into Shreateh’s claims, rather than to blow them off.

Jones went on to say “For background, as a few other commenters have pointed out, we get hundreds of reports every day. Many of our best reports come from people whose English isn’t great – though this can be challenging, it’s something we work with just fine and we have paid out over $1 million to hundreds of reporters.”

The monies to which Jones refers is rewards paid to people who find and submit bugs under Facebook’s White Hat program. Shreateh was deemed not eligible to receive a reward because he had hacked someone’s Facebook account.

However, Facebook says that they have fixed the security hole.

No Paywall Here!
The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money. That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something to help keep the Internet Patrol free?
Click for amount options
Other Amount:
What info did you find here today?:

Rate this post!
 

One thought on “Mark Zuckerberg’s Facebook Page Hacked to Prove Security Hole
0 (0)

  1. this is not the first time FB got hacks. the hackers always breach and when facebook get updates its developers starts working after that.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.