RAMALLAH, August 19 (JMCC) - A Palestinian who reported a security gap to Facebook has received no reward from the company, complains the hacker from the West Bank village of Yatta, according to PNN
After many attempts to report the bug to the Facebook Security Team using traditional avenues, and being dismissed, [Khalil} Shreateh decided to utilize the bug and post a message to facebook founder Mark Zuckerberg’s page. Within moments of Zuckerberg receiving this post, Facebook engineers contacted Khalil about the bug, and discussed ways of fixing it. They also disabled Shreateh’s facebook account as a “precaution”.
This bug could have been exploited by spammers to post to anyone’s facebook. Khalil, one of many unemployed Palestinians, could have made an impressive amount of money by selling the exploit, but instead chose to notify facebook. His actions ensured the security of millions of facebook users.
Facebook’s policies compensate individuals who discover bugs and report them with a minimum of $500. The severity of the bug Shreateh’s discovered would have earned him thousands of dollars – but facebook is unwilling to award him the money, due to the ‘nature of reporting’. Had facebook’s security team not continually dismissed Shreateh’s reports, most likely due to his poor English skills, he would have received the money, which could have significantly improved his living standards.