Who says Facebook doesn’t pay out bounties when bugs are reported? Arul Kumar, an electronics and communications engineer from Tamil Nadu in India, is $12,500 richer after reporting a bug that allowed users to delete photos from Facebook via the social network’s support dashboard.
Facebook is still refusing to pay a bounty to Khalil Shreateh, the security researcher who used the bug he discovered to post directly on Co-Founder and CEO Mark Zuckerberg’s Timeline after Facebook Security rejected his attempts to report it, but Beyond Trust Chief Technology Officer Marc Maiffret is doing his best to make sure Shreateh doesn’t walk away from this experience empty-handed.
Facebook Chief Security Officer Joe Sullivan Defends White Hat Program’s Response To Researcher Who Hacked Mark Zuckerberg
Facebook Chief Security Officer Joe Sullivan said in a note on the Facebook Security page that he understood the frustration expressed by Khalil Shreateh, who used a bug he reported to the social network to post directly to the Timeline of Facebook Co-Founder and CEO Mark Zuckerberg, but he defended the company’s decision to not offer a reward to Shreateh because he involved an actual user (not to mention the head of the company) and did not use a test account.
After Facebook Security Rejected His Bug Report, Khalil Shreateh Used The Bug To Post Directly On Mark Zuckerberg’s Timeline
Palestinian information system expert Khalil Shreateh discovered a bug that allowed Facebook users to post on the Timelines of other Facebook users, even when they were not connected as friends, but when he submitted it to the social network’s white hat program, Facebook Security responded that it was not a bug. So Shreateh went straight to the top, exploiting the bug to post on the Timeline of none other than Facebook Co-Founder and CEO Mark Zuckerberg.