Facebook Denies White Hat Payment to Loyal Member

August 19, 2013

4:28 pm

Facebook’s White Hat Program pays community members set amounts of cash for reporting security vulnerabilities. However, when Khalil Shreathe, a systems information expert from Palestine, reached out to the security team last Friday, he was brushed off.

Shreathe’s initial report described a bug that allows you to post on anybody’s wall, even if they are not your friend. To demonstrate, he posted a link on the wall of Sarah Goodin, a college friend of Mark Zuckerberg.

A member of the Facebook Security team clicked the link, received an error message, and told Khalil that what he had found was in fact not a bug at all. So Khalil took his efforts to the next level, politely posting his link on Zuckerberg’s own wall and exploiting the bug once more.

“Sorry for breaking your privacy to post to your wall,” says Shreathe in his post. “I had no other choice to make after all the reports I sent to Facebook team.”

This time, he got a heavy response from Facebook engineers. However, Facebook denied Khalil a reward for finding the bug. Typically, security researchers are paid upwards of $500 for responsibly filing critical bug reports.

“The bug was demonstrated using the accounts of real people without their permission,” says Facebook Security Engineer Matt Jones. “Exploiting bugs to impact real users is not acceptable behavior for a white hat.”

Khalil did not, in fact, follow Facebook’s disclosure rules, but he was courteous in his demeanor, responsible in his actions, and did not sell his bug to spam advertisers. Surely a company that pays out over $1 million to bug reporters annually can give Khalil a little something for his efforts.

 


Will is a Senior Writer with Tech.Co, based out of America's Finest City: San Diego. He covers all territory West of the Mississippi river, digging deep for awesome local entrepreneurs, companies, and ideas. He's the resident Android junkie and will be happy to tell you why you should switch to the OS. When he's off the clock, Will focuses his literary talent on the art of creative writing...or you might find him surfing in Ocean Beach. Follow Will on Twitter @WJS1988
