Palestinian apologizes for yesterday hacking Zuckerberg’s Facebook page

Khalil Shreateh contacted Zuckerberg in an attempt to claim reward Facebook pays users who find holes in its security.

   

Palestinian hacker Khalil Shreateh has apologized to Facebook CEO Mark Zuckerberg for gaining access to his wall in an attempt to prove a glitch, Al Arabiya reported on Monday.

Shreateh accessed the page of the social media website’s founder by taking advantage of a glitch that would allow any Facebook user to post on a stranger’s wall, despite security settings designed to help users keep their pages private.

Facebook has a reward for hackers who manage to bypass their security system, hoping this will act as an incentive to report glitches rather than exploit them.

The hacker first contacted the Facebook security team after proving a glitch was real by writing on the wall of a friend of the Facebook founder.

Shreateh – whose first language is Arabic – wrote to Facebook saying: “My name is Khalil Shreateh. I finished school with BA degree in Information Systems. I would like to report a bug in your main site (www.facebook.com) which i discovered it...The bug allow Facebook users to share links to other facebook users, I tested it on Sarah.Goodin wall and I got success post [sic].”

Shreateh went on to recount his attempts to notify the social media site, and posted a grab of the message on his blog. He says he hoped his ability to post to Sarah Goodwin’s page would help prove his case to the Facebook security team. There is also a video on YouTube showing how he accessed the various pages.

After Facebook responded by denying that the glitch was a bug, Shreateh used the same glitch to hack his way onto Zuckerberg’s Facebook page. And, in a message to Zuckerberg, he wrote: “Sorry for breaking your privacy.... I had no other choice… after all the reports I sent to Facebook team.”

He also posted an image grab of this message on his blog.

Facebook responded immediately, asking him why he had hacked the page when they had fixed the bug, according to a post by Matt Jones from Facebook’s security team on Hacker News.

According to Hacker News, Shreateh had violated the terms of service by posting to Zuckerberg and Goodin’s accounts and would not be rewarded for his find.

“In order to qualify for a payout, you must make a good-faith effort to avoid privacy violations” and “use a test account instead of a real account when investigating bugs,” the Daily Mail quoted Jones as writing.

“[We] will pay out for future reports from him,” the Mail quoted Jones as saying, “if they’re found and demonstrated within these guidelines.”