Facebook: Zuckerberg exploit was our bad…sorta

If you were trying to alert Facebook to a problem, but weren’t getting through to anyone what would you do? You could ask to speak to a supervisor or you could use an exploit to post about your issue on Mark Zuckerberg’s wall.

Guess which route a Palestinian white hat hacker took after his initial attempts to alert the social network to a security flaw were rebuffed.

The hacker, who goes by the name “Khalil,” discovered an exploit which allows people to post on Timeline pages, even if they’re not connected to that person. Khalil says he tried alerting Facebook’s security team to the flaw. After getting no joy out of them, he decided to use the exploit to post on Zuckerberg’s wall.

The gamble paid off too. The flaw was fixed shortly after he posted to the page.

Since then, Facebook’s security team has admitted that it should have paid more attention to what Khalil was saying. “We should have pushed back asking for more details here,” Facebook software engineer Matt Jones wrote on Hacker News.

In the same post however, he said that Khalil’s limited grasp of English made it more difficult for the team to understand what he was trying to say. He also says that the hacker didn’t initially provide enough information for the team to take action.

As AllThingsD points out, it’s also worth bearing in mind that Facebook receives hundreds of bug reports every day as part of its Bug Bounty programme, which pays people for identifying issues in the site’s code.

Facebook says it will continue encouraging hackers like Khalil to keep hunting down bugs on the social network.