A security researcher has revealed how he was forced to make Facebook sit up and take notice, after they continually ignored his warnings about a Facebook bug. Khalil Shreateh tried to get Facebook to act on the bug, before he was forced to take matters into his own hands.
Shreateh explained, "Days ago I discovered a serious Facebook vulnerability that allows a Facebook user to post to all Facebook users' timeline even [though] they are not in his friend list." However, Facebook seemed uninterested and gave a glib reply: "I am sorry, this is not a bug."
Khalil then decided to make them take notice by posting directly on Mark Zuckerberg's timeline. This led to his own Facebook account being closed. Facebook then reinstated it and sent him an email which read, "Unfortunately your report to our Whitehat system did not have enough technical information for us to take action on it."
It continued, "We cannot respond to reports which do not contain enough detail to allow us to reproduce an issue. When you submit reports in the future, we ask you to please include enough detail to repeat your actions. We are unfortunately not able to pay you for this vulnerability because your actions violated our Terms of Service. We do hope, however, that you continue to work with us to find vulnerabilities in the site. We have now re-enabled your Facebook account."
Nice to know that Facebook appreciate the efforts of others.