With the widespread use of the internet, social networking has become a popular hobby amongst people. It is said to be an excellent way for communicating with people, sharing information and even starting up small home-based businesses. Amongst these social networks, the name of Facebook is renowned as it is the largest social network of the world. Mark Zuckerberg and his Harvard roommates launched it in 2004 for the college students, but it has spread far and wide and is being used by 1.1 billion people all over the globe. However, the use of these networks bears risks because there are security loopholes that exist.
Facebook offers rewards to technicians and researchers who are able to point out the flaws and ways to close them. However, the social network has refused to give the said reward to a researcher who exposed a security flaw in the system. This is perhaps because the researcher hacked into the profile page of Mark Zuckerberg, the creator of Facebook himself in order to expose this flaw and is thus being denied the customary reward payment from the social network. Rewards are given to those who discover security hole, but it seems that Khalil Shreatah, a Palestine researcher may have gone too far when he decided to post this information directly onto the profile page of Mark Zuckerberg.
The Palestine researcher stated on his own blog that he had discovered a way through which users of the social network could alter the timeline of another user by circumventing the security of the system. He mentioned that the security team of the social network had ignored him and this had urged him to take the unusual step of accessing Zuckerberg’s profile and posting it there. Screenshots of the posting were provided on his blog as proof that he had indeed done so.
His post on Zuckerberg’s wall apologized for the action, but he mentioned that Facebook’s security team wasn’t taking him seriously. For exposing this security flaw, his reward had been getting his own Facebook account disabled. However, he had received a message stating that he had violated the Terms of Service due to which he wouldn’t be paid a reward. But, the message also said that they hoped he would continue exposing any vulnerability he could find in the system. Facebook said that it appreciated the help of researchers in identifying flaws, but it did not give permission to hack into the accounts of users.
Matt Jones, the security engineer of Facebook posted on Sunday saying that the bug had been resolved on Thursday, but they should have consulted the researcher for additional instructions after the initial report had been received. He said that the social network received hundreds of reports on a daily basis and over $1 million had been paid for them. But, most of these reports are misguided or simply not worthy of attention. He said that the important issue was how the flaw had been demonstrated and now what it was. Therefore, no payment would be made.