IT expert reports Facebook bug to CEO
August 19 , 2013
IT expert, Khalil Shreateh who had been ignored by Facebook's security team took his bug report directly to Mark Zuckerberg's page.
The bug reportedly allows people to post on other people's pages regardless of whether or not they are Facebook friends. Shreateh initially took his report to the social network's security service, which offers a minimum of $500 as reward for legitimate bugs. The IT expert apologized to the CEO for posting the information on his wall since he had "no other choice".
Within minutes of this post, Streateh was contacted by Facebook and his own account had been disabled. An engineer later told Streateh that his report hadn't included enough detail for them to take any action.
The vulnerability has been reportedly fixed and a security engineer for Facebook said Streateh should have been asked for further details on the report initially.
He didn't only provide inadequate information about the bug but his post on the CEO's wall also violated the responsible disclosure policy.