Hacking Mark Zuckerberg: Is Anyone Safe Online?
And then Mark Zuckerberg was hacked.
For those of you who haven't heard the news, a Palestinian man, Khalil Shreateh, recently broke into Zuckerberg's account to highlight a dangerous security breach on the site. According to Shreateh, he repeatedly reported the vulnerability, which makes it possible for hackers to post to any user's timeline, only to be told that it wasn't a bug.
After sending two emails to Facebook's "whitehat" security breach site, which promises a minimum $500 reward to people who identify bugs on the site, Shreateh decided to demonstrate Facebook's vulnerability by posting to Zuckerberg's timeline.
The message was benign: Shreateh began by apologizing for the breach of privacy, then pointed out the security gap -- and the problems that he faced when he tried to report it. In return, Facebook (FB) put his account on lockdown, fixed the bug, and refused to pay him the $500 bounty, because he violated Facebook's terms of service when he hacked Zuckerberg.
One could debate whether or not Facebook owes Shreateh cash (I'd argue that it does). Regardless, the larger question is whether or not the company's security protocols are sufficient. Never mind that the billionaire head of the company -- and all of its users -- are vulnerable to attack; if Facebook can't be trusted to follow up on tips sent in through its white-hat protocols, it's worth asking if it can be trusted with the online lives of an estimated 1 billion users worldwide.
Bruce Watson is DailyFinance's Savings Editor. You can reach him by e-mail at firstname.lastname@example.org, or follow him on Twitter at @bruce1971.