Facebook CEO Mark Zuckerberg is unlikely to forget the name Khalil Shreateh in a hurry after what happened to him recently.
Some time back, Palestinian security researcher Khalil got in touch with Facebook team to inform them about a bug that lets anyone post to someone's Facebook wall, even if they are not friends with the individual on Facebook. Khalil claims he shared details of the vulnerability with the Facebook team after having successfully tested it by posting to the Facebook wall of Sarah Goodin, a friend of the Facebook CEO.
Despite having attached a screenshot of his post on Goodin's wall (someone who he obviously wasn't Facebook friends with), the Facebook security team rejected Khalil's claims saying, "I am sorry this is not a bug."
Upset at the rebuff, Khalil decided to notify Facebook Mark Zuckerberg himself, by using the bug to post directly to his wall. Within minutes of the post, Khalil reportedly heard from Facebook security engineer Ola Okelola, requesting details of the exploit. Facebook also temporarily disabled Khalil's account as it investigated the issue, to prevent him from exploiting the bug.
Ultimately, Facebook acknowledged the bug and re-enabled Khalil's account. However, Khalil, who detailed the incident on his blog, will not be eligible for the $500 payout that Facebook gives to security researchers that help find bugs, as he used real accounts instead of dummy accounts to demonstrate the bug, which is a violation of Facebook's policies.
In case you are wondering what happened to the bug itself, another Facebook engineer has revealed that the bug was fixed on Thursday.