Khalil Shreateh, a palestinian hacker, on Monday apologized to Facebook CEO Mark Zuckerberg for gaining access to his wall in an attempt to prove a security bug. Previously, Shreateh had reported the issue to Facebook Security team.
Shreateh accessed the page of the social media website's founder by taking advantage of a glitch that would allow any Facebook user to post on a stranger's wall. Facebook has a reward for hackers who manage to bypass their security system, hoping this will act as an incentive to report glitches.
"Dear Mark Zuckerberg," he wrote."First sorry for breaking your privacy and post to your wall, i had no other choice to make after all the reports i sent to Facebook team. My name is KHALIL from Palestine."
His reward for exposing the flaw was having his Facebook account disabled.
Shreateh contacted the Facebook security team after proving a glitch was real by writing on the wall of a friend of the Facebook founder. But Facebook's security team
denyied that the glitch was a bug, so Shreateh used the same glitch to hack his way onto Zuckerberg?s Facebook page. In a message to Zuckerberg, he wrote: "Sorry for breaking your privacy... I had no other choice?after all the reports I sent to Facebook team." He also posted an image grab of this message on his blog.
Facebook responded to Shreateh and initially disabled his account, due to policy violations:
"Facebook disabled your account as a precaution," Facebook wrote to Shreateh. "When we discovered your activity we did not fully know what was happening. Unfortunately your report to our Whitehat system did not have enough technical information for us to take action on it. We cannot respond to reports which do not contain enough detail to allow us to reproduce an issue. When you submit reports in the future, we ask you to please include enough detail to repeat your actions," Facebook's response read. "We are unfortunately not able to pay you for this vulnerability because your actions violated our Terms of Service. We do hope, however, that you continue to work with us to find vulnerabilities in the site."
Facebook security engineer Matt Jones posted a comment Sunday on a security forum saying "we fixed this bug on Thursday," and admitted that "we should have asked for additional... instructions after his initial report."