Facebook may have refused to pay researcher Khalil Shreateh a bug bounty after he posted a message on Mark Zuckerberg’s Facebook page, but that doesn’t mean he’s going to go away empty-handed.
Shreateh posted the message on Zuckerberg’s Facebook page, exploiting the vulnerability he had discovered, after he became frustrated by the poor response from the social network’s security team. Irritated by their claim that he wasn’t reporting a bug, he effectively “went to the top” in order to get their undivided attention.
Shreateh lost the chance of receiving $500 or more from Facebook by breaking their guidelines for responsible investigation and disclosure of flaws on the site, much to the annoyance of many fellow security researchers and hackers online.
Well, if you were one of them, don’t despair. A fundraising campaign started by researcher Marc Maiffret has already raised over $12,000 for Shreateh.
Shreateh may have been unwise to have posted messages onto the Facebook pages of Zuckerberg and his college friend Sarah Goodin without permission, but it doesn’t look as though he’s going to miss out financially because of it.