Hacker lays down the 'flaw' on Zuckerberg's Facebook account

A security researcher showed Facebook CEO Mark Zuckerberg a bug in the social network by breaking into the mogul's page late last week — a move he says he made after the company downplayed the flaw when he flagged it through formal channels.

Khalil Shreateh, a Palestinian living in Hebron in the West Bank, found a flaw that lets people post on the walls of other Facebook users even if they're not friends with them.

Shreateh brought the flaw to the attention of Facebook's security team, but the social network's officials didn't think he had found a problem. The hacker then posted to Zuckerberg's Facebook wall.

Facebook offers rewards to users who find security bugs, and Shreateh was out for the bounty. The minimum amount the network offers is $500, and there's no upper limit.  

Facebook immediately disabled Shreateh’s account. The site reactivated it later but denied him the reward.

According to All Things D, the Wall Street Journal’s digital blog, Matt Jones, a member of the Facebook security team, responded on Sunday to the incident by admitting that the company should have looked a little deeper into the flaw but said the researcher violated the site's terms of service by exploiting a bug to show it existed.

Jones said the company fixed the problem last Thursday, adding that it's difficult for the company to sift through the number of benevolent, or white hat, hacker emails it receives.

Al Jazeera