Researcher Hacks Mark Zuckerberg's Facebook Timeline to Report Bug

PHOTO: Facebook CEO Mark Zuckerberg smiles in San Francisco in this Jan. 3, 2011 file photo.

If you want to let Facebook know that there is a security bug that allows anyone to post on your Timeline, then demonstrating it on Mark Zuckerberg's Timeline seems like a surefire way to get the social network's attention.

That's exactly what Palestinian security researcher and hacker Khalil Shreateh did. Shreateh figured out that by entering in some website URLs, grabbing one's Facebook ID and doing some other non-obvious copying and pasting, he could post something on a non-friend's Facebook Timeline.

Shreateh first reported the bug to Facebook's White Hat Security team, which responded to his initial report by saying, "this is not a bug." That's when Shreateh decided to try it out on Facebook CEO Zuckerberg's Timeline.

WHAT TO KNOW
  • Security researcher hacked into Mark Zuckerberg's Facebook to demonstrate a security hole
  • Facebook has since fixed the bug

"First sorry for breaking your privacy and post to your wall," Shreateh wrote on Zuckerberg's Timeline. "I has no other choice to make after all the reports I sent to Facebook team."

The Timeline is a collection of users' personal photos, stories and experiences.

Facebook patched the security hole Thursday and clarified that the original tip was not ignored, but that there simply wasn't enough information provided.

"We should have asked for additional repro [reproduction] instructions after his initial report," Facebook software engineer Matt Jones wrote on Hacker News, a forum for the security community. "Unfortunately, all he submitted was a link to the post he'd already made … Had he included the video initially, we would have caught this much more quickly."

Shreateh has since posted a YouTube video showing exactly how he was able to post something on a non-friend's Timeline.

Jones also suggested that Shreateh's English was hard to understand, but clarified that Facebook gets hundreds of reports and that some of the "best reports come from people whose English isn't great."

Through its White Hat program, Facebook lets security researchers report vulnerabilities and pays a monetary reward for certain security bugs. Shreateh, however, was not paid for finding this vulnerability because he violated the White Hat Terms of Service by demonstrating the exploit on the accounts of real people without their permission.

On the other hand, can you really put a price on hacking into Mark Zuckerberg's Timeline?
