In an embarrassing breach of security, Facebook founder Mark Zuckerberg had his profile hacked into by an IT worker in Palestine.
The hacker managed to write and share links on Zuckerberg’s private timeline, even though they were not Facebook friends.
Khalil Shreateh, an IT security researcher, had contacted the social network giant twice trying to report the glitch in Facebook’s security system, but had been told that there was no problem.
Frustrated, he decided to hack into Zuckerberg’s profile to prove his point.
In the post which has since been removed, he apologised for breaking Zuckerberg’s privacy, adding: “I had no other choice… after all the reports I sent to Facebook team”.
In less than a minute, Shreateh’s account was suspended and he was contacted by a Facebook security engineer requesting the details of the hack.
Facebook pays a minimum $500 reward for any security flaws that a hacker finds. However, the company has refused to pay Shreateh for discovering the vulnerability because his actions violated Facebook’s Terms of Service.
Matt Jones from Facebook’s security team confirmed that the bug has now been fixed, admitting that the company should have asked more details after Shreateh’s initial report.
“We get hundreds of reports every day. Many of our best reports come from people whose English isn’t great – though this can be challenging, it’s something we work with just fine and we have paid out over $1 million to hundreds of reporters,” he said.
“However, many of the reports we get are nonsense or misguided. We should have pushed back asking for more details here.”
Shreateh has made a video explaining his misadventure and shared it online, where it has already been viewed over 140,000 times.