Earlier this week, security researcher Khalil Shreateh discovered a Facebook bug that allowed a hacker to post on anyone’s wall — even if they weren’t that person’s friend.
While he was able to prove to Facebook that his bug was legit (despite an initial response that it wasn’t a bug at all), Facebook wasn’t too happy with the way he did it: by using the bug to post on Zuckerberg’s otherwise friends-only wall.
Shreateh tried unsuccessfully to alert Facebook’s security team several times before going rogue all over Zuck’s wall.
The company is understandably upset with the unconventional cyber tip. They are balking at doling out the $500 usually given to researchers who identify viable bugs because Shreateh posted it to a public page and not a test account.
Unfortunately your report to our Whitehat system did not have enough technical information for us to take action on it. We cannot respond to reports which do not contain enough detail to allow us to reproduce an issue. When you submit reports in the future, we ask you to please include enough detail to repeat your actions.
We are unfortunately not able to pay you for this vulnerability because your actions violated our Terms of Service. We do hope, however, that you continue to work with us to find vulnerabilities in the site.
Be careful out there, guys.
[H/T: Tech Crunch]
“