Unemployed and brilliant hacker mind Khalil Shreateh did what most tech companies would appreciate. He exposed a flaw on Facebook that could have created a wave of chaos. Shreateh explained on his blog that he had discovered a vulnerability on Facebook which allowed him to post on another person’s wall. He messaged Facebook to alert them to the matter. Facebook stated the link he provided did not work and dismissed his claims. They also dismissed the screenshot Shreateh provided showing he had posted on Sarah Goodin’s wall. Sarah Goodin attended the same college as billionaire Facebook founder Mark Zuckerberg. Facebook denied the claim and any possibility of reward, raising hackles in the hacker community, and a fund was born.
Marc Maiffret, CEO of Beyond Trust, took offense on behalf of Shreateh and started the fund. He created it on GoFundMe and wanted to raise $10,000 for the dismissed hacker. Maiffret’s message was simple: he wanted to drive awareness that vulnerabilities found by individuals should be rewarded, as promised. In the last 24 hours, the goal was reached and exceeded, and Maiffret has stated his next goal is now to transfer the money to Shreateh.
The anger across the hacker community and beyond reached a breaking point when Shreateh displayed the true core of the vulnerability. The young hacker took to none other than Mark Zuckerberg’s wall to leave a message, apologizing for the entry yet advising that he simply needed to show what was going on. He simply did what was requested and should have been rewarded, but instead was declined again by Facebook.
When he included the screenshot in a message to security, they responded, but in a way that was completely unexpected. Facebook disabled Shreateh’s account, stating that his discovery of their vulnerability violated the Terms of Service. Then, in a further stunning and contradictory statement, the Security Engineer, known only as Joshua, re-enabled the account, but with a condition. No reward would be given, but they did encourage Shreateh to continue finding vulnerabilities in the site.
Dismayed, Shreateh posted the information openly on his blog, inciting cries of anger against Facebook. In a further financial slap in the face, Facebook rectified the vulnerability that was discovered by Shreateh. If this wasn’t a bug, as stated by the original response, it was rectified pretty quickly, and only after it was discovered by Shreateh, which is why Maiffret took action.
The page was shared collectively over 6,000 times, and many individuals contributed to the fund, which blossomed to over $11,000 in a few short days. Maiffret expressed his gratitude on the funding site, stating a hope of getting the message to tech channels that researchers should be rewarded for their work. Facebook has yet to respond to the hacker community or Shreateh. The level of non-response is further causing outrage across social media circles.
Maiffret and individuals across the world stepped in when Facebook did not. The funding community surpassed the goal set by Maiffret, sending a clear message across the corporate tech industry. Further still is the frustration with a company that profits financially from its own viewer base. Citing the Terms of Service seems an inexcusable reply when the same reported vulnerability is then patched. Shreateh was refused a reward or even an apology by Facebook, but hackers and individuals across the world are showing their support, and their anger at social media giant Facebook.