Facebook Security Bug Warning Backfires

Tickers in this article: FB

NEW YORK (TheStreet) - Researcher Khalil Shreateh warned Facebook about a security problem he had discovered. Only he didn't get what he expected, a monetary reward.

The self-proclaimed Internet security expert in Palestine thought he found a vulnerability that allows someone to create a message and post it on anyone else's Facebook wall. He tested his theory by creating a rogue posting to Sarah Goodman's wall. Ms. Goodman is a friend of Facebook CEO Marc Zuckerberg and the first woman to join the service.

Shreateh's blog claims he wrote to Facebook and warned the company about the problem, attaching a screen shot of his findings. He figured that under Facebook's "white hat" disclosure policy he would be eligible for a $500 (minimum) reward for reporting a bug.

A Facebook employee wrote back to him, saying, "I am sorry this is not a bug." After that, Shreateh posted a message on CEO Marc Zuckerberg's personal timeline to warn him of the problem he had discovered, this getting Facebook's attention.

Within minutes, Shreateh received an email response from a Facebook security engineer asking for details, and Shreateh's account was immediately suspended. He was told his original report didn't have enough technical information for the company to take appropriate actions. That was followed by another engineer's email explaining the company wasn't going to pay him a finder's fee because his actions violated the company's "Terms of Service".

Shreateh's account has since been reinstated but he's not going to be rewarded for his actions.

Facebook shares were advancing 0.49% to $37.25 in early Monday trading.

--Written by Gary Krakow in New York.

>To submit a news tip, send an email to: tips@thestreet.com.26