Shreateh, a Palestinian researcher, got attention last week when he “hacked” the Facebook page of Facebook founder Mark Zuckerberg after the company’s security team gave him the brush-off for a security flaw he reported. The bug would have allowed anyone, including spammers and scammers, to post messages to another user’s account, even if the person is not on the user’s Friends list.
“That would be an extremely valuable bug,” says Maiffret. “There’s so many ways to leverage that in cybercrime attacks.”
As a proof of concept, Shreateh posted an Enrique Iglesias video to a Facebook page that belonged to one of Zuckerberg’s college friends, then sent a note to Facebook’s security team. Facebook’s team initially told him the issue was not a bug, so Shreateh said he’d take the matter straight to Zuckerberg. He then proceeded to use the bug to post a message to Zuckerberg’s personal page.
“First, sorry for breaking your privacy and post(ing) to your wall,” the message read. “I (have) no other choice to make after all the reports I sent to (the) Facebook team.”