The hacker who broke into Mark Zuckerberg's Facebook Timeline to expose a security lapse will be awarded nearly $12,000 from an online crowdsourced campaign.
The GoFundMe campaign has raised $11,741 for Khalil Shreateh, of Palestine, who claims he was forced to hack into Zuckerberg's page to bring attention to the security vulnerability because Facebook had ignored his earlier warnings.
The bug that Shreateh found allowed him to post on the Timelines of people who weren't his Facebook friends.
The reward for his work was arranged by Marc Maiffret, the chief technology officer of security firm BeyondTrust.
'Khalil Shreateh found a vulnerability in Facebook.com and, due to miscommunication, was not awarded a bounty for his work,' Maiffret wrote on the GoFundMe campaign page. 'Let us all send a message to security researchers across the world and say that we appreciate the efforts they make for the good of everyone.'
Facebook has a 'Bug Bounty' program that pays out at least $500 to hackers who bring software bugs to the company's attention.
Pictured: Only your friends are supposed to be able to write on your Facebook wall, but using the glitch he found, Shreateh wrote about the issue on the wall of Facebook CEO and founder Mark Zuckerberg.
Smiling now? He was ignored twice by Facebook security, but Shreateh got a speedy response when he posted to Zuckerberg's wall. But he won't get the usual $500 reward because he violated their terms of service
But the company said Shreateh would not qualify for a reward because he tested the bug against another user.
Joe Sullivan, Facebook's Chief Security Officer, explained the company's decision in a post online.
'We will not change our practice of refusing to pay rewards to researchers who have tested vulnerabilities against real users,' he wrote. 'It is never acceptable to compromise the security or privacy of other people. In this case, the researcher could have sent a more detailed report (like the video he later published), and he could have used one of our test accounts to confirm the bug.'
Shreateh first contacted the Facebook security team after proving the glitch was real by writing on the wall of a friend of the Facebook founder.
But instead of thanking him and fixing the issue, Facebook said it wasn’t a bug.
‘My name is Khalil Shreateh. I finished school with B.A degree in Information Systems. I would like to report a bug in your main site (www.facebook.com) which I discovered it... The bug allow Facebook users to share links to other facebook users, I tested it on Sarah.Goodin wall and I got success post.’
Shreateh, whose first language is Arabic, lives in Palestine and is in no way connected with Zuckerberg’s fellow Harvard alum Goodin. He hoped his ability to post to her page, nonetheless, would help prove his case to Facebook security.
However, instead of repairing the obvious security breach, Facebook replied to Shreateh by saying the issue ‘was not a bug.’
Undeterred, Shreateh used the glitch to hack his way onto Mark Zuckerberg’s Facebook page.
‘Sorry for breaking your privacy,’ he wrote in a since-removed post to Zuckerberg, ‘I had no other choice…after all the reports I sent to Facebook team.’
Shreateh went on to recount his attempts to warn the website and posted a grab of the post on his blog.
Minutes later, his pleas were answered. Facebook contacted him demanding to know how he’d hacked their boss’s personal page.
‘We fixed this bug on Thursday,’ wrote Matt Jones from Facebook’s security team in a Saturday post on Hacker News.
Facebook has a bounty program designed to bribe hackers into reporting glitches they find rather than exploiting them. Such validated reports are worth $500.
Victim? Zuckerberg uses Facebook to post about big life events, such as his marriage to Priscilla Chan, just like everyone else. And like everyone else, Zuckerberg's account was vulnerable to the glitch Shreateh found.
*Article first appeared on http://www.dailymail.co.uk/news/article-2399369/Facebook-hacker-posted-Mark-Zuckerbergs-wall-gets-12k-reward-online-donors.html#ixzz2cgP5S9oH