Poor Communication Cost Would-Be Hacker His $500 Reward for Finding Facebook Security Bug


To help protect your privacy, only your Facebook friends are supposed to be able to write on your wall. However, in 2013, a Palestinian security expert named Khalil Shreateh found a glitch that allowed anyone to post on a stranger’s wall. This security vulnerability had the potential to be a serious invasion of privacy, so Shreateh reported it to the Facebook security team.

Shreateh’s original message to Facebook security read as follows (including the errors):
"My name is Khalil Shreateh. I finished school with B.A degree in Information Systems . I would like to report a bug in your main site (www.facebook.com) which i discovered it...The bug allow Facebook users to share links to other facebook users , I tested it on Sarah.Goodin wall and I got success post.”

Sarah Goodin, one of Facebook founder Mark Zuckerberg’s friends and a fellow Harvard alumnus, had no connections to Shreateh, thus proving the security professional’s point: he could post to a complete stranger’s wall without her consent. However, because Shreateh’s first language is Arabic, his English-language bug report came across as poor communication.

Due to his limited English, Shreateh’s message went unheeded. Facebook responded saying the issue "was not a bug," and Shreateh was forced to take drastic measures to get his message across. He posted directly to Zuckerberg’s Facebook wall, a choice that ended up costing him the usual $500 reward Facebook gives programmers who find holes in the site’s security. (This bounty program is designed to bribe hackers into revealing glitches instead of exploiting them.)

Shreateh couldn’t help that English was not his first language, but he could have countered his poor communication by asking an English-speaking editor to review his statement before he submitted it to the security team. His direct violation of Zuckerberg’s privacy got him the attention he wanted, and the glitch was fixed, but he missed out on the $500 reward.

The story does have a happy ending, however, as Shreateh received well over $10K for his efforts, thanks to a white hat hacker Indiegogo campaign through gofundme.com.
