This is one story which just does seem to end, even as Facebook has now issued an official statement regarding the incident involving a hacker who did not receive compensation from the social network for exposing a serious bug in its structure. Much has been said and written about it all over the world, and Facebook’s Chief Security Officer has finally decided to respond to the incident by means of a blog post. He has admitted the site’s failure in communication with the hacker, and has described in detail, Facebook’s side of the story.
Under the site’s whitehat program, it has a policy of paying those who manage to successfully expose its bugs and make it more secure. A Palestinian researcher named Khalil Shreateh discovered one such vulnerability which allowed anyone to post links on other people’s Facebook walls. Following this discovery, he tried contacting Facebook’s whitehat disclosure service for claiming his reward. The site then apparently refused to acknowledge the bug, even despite Khalil having sent a screenshot of something he had posted on the wall of Zuckerberg’s friend Sarah Goodin.
This led him to go the distance and post a link to his blog on the wall of none other than Mark Zuckerberg. The social network then took notice of the bug and sprung into action, but it argued that Khalil’s original report did not have enough technical information in it. This was followed by a fundraising camping for Khalil which raised $11,000 for the researcher. Facebook however, has refused to pay him citing that he violated the terms and conditions of the whitehat program.
The apology from the site has come along with claims that it will be more efficient in dealing with such matters in the future. To do so, Facebook will be improving its email messaging for researchers and even update its whitehat page with more information.