Facebook hack fail: hacker reports hack, doesn’t get paid

Facebook hack fail: hacker reports hack, doesn’t get paid

Apparently Ḱhalil reported a bug where people without privacy clearance have access to Facebook pages. Even if people set their pages to ‘friends only’, it was possible for someone without ‘friend’ access to see the page and post on the page.

Ḱhalil sent Facebook a report but they claimed that following his instructions gave them an error report so there wasn’t a problem.

When Ḱhalil reported again, Facebook claimed that it’s not a bug and still refused to take action.

So Ḱhalil posted on Mark Zuckerberg’s wall to prove his point.

Facebook hack: hacker posts on Mark Zuckerberg's wall to prove his point

Facebook hack: hacker posts on Mark Zuckerberg’s wall to prove his point

After this, Facebook disabled Ḱhalil’s account and later re-enabled it.

BUT FACEBOOK REFUSED TO PAY ḰHALIL FOR HIS REPEATED REPORTING AS THEY SHOULD HAVE.

Ḱhalil says that Facebook requires people to prove their concept, which is why Ḱhalil posted – respectfully – to Mark’s wall.

Facebook responded to concerns over their refusal to pay Ḱhalil: they were obstructive and unresponsive to this guy who tried his best, struggling against obstructive IT guys and struggling with instructions in English as a second language.

In the future other critical bugs may not get reported because of Facebook’s punitary attitude and refusal to pay, leaving everyone’s accounts vulnerable.

Joe Sullivan the Chief Security Officer at Facebook said:

I’ve reviewed our communication with this researcher, and I understand his frustration. He tried to report the bug responsibly, and we failed in our communication with him.

So Ḱhalil doesn’t get paid because Facebook failed.