Facebook Ignored A Security Hole, So A Hacker Went Nuts On Mark Zuckerberg’s Wall

Facebook has been a security nightmare for years, and despite paying lip service to the problem, the site isn’t terribly interested in keeping your data secret from anybody other than competitors. As a result, its security team is noted for being rather high-handed and aloof. So much so that a Palestinian security expert, frustrated with getting blown off, hacked Zuckerberg’s Wall to illustrate the problem.

Really, Khalil Shreateh’s experience can be summed up with one email response: After demonstrating that it was fairly easy to post to somebody’s Wall in a post visible to all users, even if they had their Wall configured to make this impossible, he got back a response of: “This is not a bug.”

So Shreateh first recorded what he was doing:

And then went and hacked Mark Zuckerberg’s Wall using the exploit.

Needless to say, this got Facebook’s attention in a hurry. The first thing they did, in the course of investigating this problem? They blocked Khalil’s account “as a precaution,” and then told him that because he breached their terms of service, he didn’t qualify for Facebook’s bug bounty of $500. Because this, of course, has nothing whatsoever to do with the fact that he publicly shamed their boss after they blew him off completely.

So, the moral of this story is pretty simple: Facebook is a security nightmare and they will be very, very butthurt when you embarrass them about it. In other words, expect a lot of people to decide hacking Zuck’s Wall to embarrass him will be a lot more fun than collecting $500.