Facebook hacked off by Zuckerberg page posting

PUBLISHED : Tuesday, 20 August, 2013, 12:00am
UPDATED : Tuesday, 20 August, 2013, 1:45am

A researcher who hacked into Facebook chief Mark Zuckerberg's profile to expose a security flaw won't get the customary reward payment from the social networking website.

While Facebook offers rewards for those who find security holes, it seems that Palestinian researcher Khalil Shreateh went too far by posting the information on Zuckerberg's own page.

Shreateh said on his blog he found a way for Facebook users to circumvent security and modify a user's timeline.

He said he decided to hack into Zuckerberg's profile after being ignored by the site security team. "So I did post to Mark Zuckerberg's timeline, as those pictures show," he said, including screen shots of the posting.

"Dear Mark Zuckerberg," he wrote. "First sorry for breaking your privacy and post to your wall, I had no other choice to make after all the reports I sent to Facebook team. My name is Khalil from Palestine."

His reward for exposing the flaw was having his Facebook account disabled. Facebook said it appreciates help with security but not by hacking into user accounts.

Facebook security engineer Matt Jones said on the YCombinator hacker news forum: "We welcome and will pay out for future reports from him [and anyone else!] if they're found and demonstrated within these guidelines."