Facebook Denies White Hat Payment to Loyal Member

Facebook’s White Hat Program pays community members set amounts of cash for reporting security vulnerabilities. However, when Khalil Shreathe, a systems information expert from Palestine, reached out to the security team last Friday, he was brushed off.

Shreathe’s initial report described a bug that allows you to post on anybody’s wall, even if they are not your friend. To demonstrate, he posted a link on Sarah Goodin’s wall, a college friend of Mark Zuckerberg.

A member of the Facebook Security team clicked the link, received an error message, and told Khalil that what he had found was in fact not a bug at all. So Khalil took his efforts to the next level, politely posting his link on Zuckerberg’s own wall and exploiting the bug once more.

“Sorry for breaking your privacy to post to your wall,” says Shreathe in his post. “I had no other choice to make after all the reports I sent to Facebook team.”

This time, he got a heavy response from Facebook engineers. However, Facebook denied Khalil a reward for finding the bug. Typically, security researchers are paid upwards of $500 for responsibly filing critical bug reports.

“The bug was demonstrated using the accounts of real people without their permission,” says Facebook Security Engineer Matt Jones. “Exploiting bugs to impact real users is not acceptable behavior for a white hat.”

Khalil did, in fact, not follow Facebook’s disclosure rules, but he was courteous in his demeanor, responsible in his actions, and did not sell his bug to spam advertisers. Surely a company that pays out over $1 million to bug reporters annually can give Khalil a little something for his efforts.


Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at contact@tech.co

Written by:
Will is a Senior Writer with Tech.Co, based out of America's Finest City: San Diego. He covers all territory West of the Mississippi river, digging deep for awesome local entrepreneurs, companies, and ideas. He's the resident Android junkie and will be happy to tell you why you should switch to the OS. When he's off the clock, Will focuses his literary talent on the art of creative writing...or you might find him surfing in Ocean Beach. Follow Will on Twitter @WJS1988
Explore More See all news
Back to top
close Building a Website? We've tested and rated Wix as the best website builder you can choose – try it yourself for free Try Wix today