Researcher demos Facebook bug with Zuckerberg Wall post

'Dear Mark, sorry for breaking your privacy'.

A security researcher said he was forced to publish an unauthorised post on Mark Zuckerberg's Facebook Wall to demonstrate a privacy vulnerability to the social networking giant.

Khalil Shreateh described in a blog post how he reportedly disclosed the unconfirmed bug to Facebook by posting an update to the Wall of a friend of Zuckerberg to whom he was not connected, a feat that breached site privacy policies.

According to a purported email chain, Shreateh offered to post an update to an account held by the Facebook security team as a proof of concept, but was told only that the alleged vulnerability was not a bug.

He then posted an update to Zuckerberg's Wall, where a Facebook software engineer reached out, requesting more details.

From there, Shreateh's account was temporarily suspended and he was told he would not receive the cash bug bounty rewards on offer from the site since he did not report the flaw according to normal procedures.

Facebook did not immediately return requests for comment.

Cipherlaw attorney James Denaro said on Twitter he would advise against Facebook paying out a bug bounty because the site could find itself in a "legally risky" scenario.

Copyright © SC Magazine, Australia
