Have you ever think that Facebook CEO Mark Zuckerberg will the the victim of a hack, yes now something like this happened, when a security researcher from Palestine found a BUG in facebook which allows anyone to post anything to anyone else’s page, regardless of whether they are a Facebook friend of that person.
Researcher initially reported the vulnerability through Facebook’s “white hat” security disclosure service, which offers a minimum bounty of $500 for legitimate bugs.
Unfortunately the Facebook team replied him with “sorry this is not a bug”.
After the reply researcher shows out the vulnerability through a post on Facebook CEO Mark Zuckerberg’s profile, in the post he apologized for the post but said “he had no other choice.”
Researcher wrote:
“[A] couple of days ago I discovered a serious Facebook exploit that allows users to post to other Facebook users timeline while they are not in friend list,” Researcher wrote in his post to Zuckerberg’s timeline. “I appreciate your time reading this and getting some one from your company team to contact me.”
After the post researcher immediately contacted the researcher seeking details of the exploit, his facebook account was also disabled by facebook for precaution.
“When we discovered your activity we did not fully know what was happening,” an engineer who identified himself as “Joshua” told Researcher. “Unfortunately your report to our Whitehat system did not have enough technical information for us to take action on it. We cannot respond to reports which do not contain enough detail to allow us to reproduce an issue.”
Joshua also informed researcher that he would not be receiving a bug reward for reporting the exploit because he violated the site’s terms of service. “We do hope, however, that you continue to work with us to find vulnerabilities in the site,” he wrote.
