'White hat' hacker breaks into Mark Zuckerberg's Facebook account
A computer hacker broke into Facebook and posted on Mark Zuckerberg's wall to demonstrate a security breach on the social media site.
Screenshot from Khalil Shreateh's blog
Where you were last week, what you ate for dinner last night, and those vacation photos from spring break, all of this information – and all of your friends’ comments on these Facebook postings – make up a breadcrumb trail of your life.
So what happens if someone can break into your account and post anything on your wall, without your control?
That’s just what happened to Facebook founder and Chief Executive Officer Mark Zuckerberg over the weekend.
A “white hat” hacker – meaning he claims to have no nefarious intentions – broke through layers of security around Mr. Zuckerberg’s account and left a letter to make a point: there was a security breach, and no one was doing anything about it.
To help maintain user security, Facebook offers a “White Hat” bug bounty program. Computer hackers are offered monetary rewards, starting at $500, for discovering a weakness in the social network’s security system.
Khalil Shreateh, a Palestinian computer hacker, submitted information about the vulnerabilities he found in the system to Facebook via e-mail, according to a post made on Mr. Shreateh’s Blogspot site.
“Days ago i discovered a serious facebook vulnerability that allows a Facebook user to post to [any user's] timeline[s] even [if] they are not in his friend list,” writes Shreateh.
He tested out the weakness on the wall of a “girl that was in the same college with Mark Zuckerberg,” Sarah Goodin. Shreateh sent a screenshot of Ms. Goodin’s Facebook wall to the security team, and was at first ignored and then was told that the glitch the hacker allegedly found was “not a bug.” The security team likely did not have access to the wall post because they did not have access to Goodin's account, according to some commentators.
After the Facebook security team reportedly rebuffed Shreateh several times, the hacker “had no choice than to post to Mark Zuckerberg’s timeline,” according to Shreateh’s blog. This led to Shreateh’s account promptly being disabled, only for it to be reinstated after the security team discovered that Shreateh was, in fact, trying to alert the company to a larger security problem.
But Shreateh's method of getting the Facebook team's attention meant that the benefits of making a white-hat discovery were no longer available to Shreateh. In other words, he was not eligible for the $500 minimum in prize money. By breaking into Zuckerberg's account and posting on his wall, Shreateh violated the sites Terms of Service.