Facebook was founded on the credo “move fast and break things.” Just don’t break Mark Zuckerberg’s Facebook page, okay?
Over the weekend, Khalil Shreateh, a Palestinian programmer, posted a notice on Zuckerberg’s wall helpfully pointing out a security vulnerability on Facebook that allows anyone to post on anyone else’s wall. In the post, Shreateh apologized for doing so—he had to do it, he explained, because he’d tried to report the glitch through Facebook’s normal processes but was ignored. On his own blog, Shreateh posted exchanges he had with Facebook employees, who told him the problem he was describing was “not a bug.”
Matt Jones, who works on security for Facebook, alluded to Shreateh’s imperfect English in explaining why the company didn’t understand his explanation of what he’d found, although Jones said the company is used to dealing with language barriers. “Many of our best reports come from people whose English isn’t great—though this can be challenging, it’s something we work with just fine, and we have paid out over $1 million to hundreds of reporters,” he posted to a thread on Hacker News.
Normally Facebook pays out at least $500 to people who report security problems. But Shreateh’s reward was the temporary discontinuation of his account. Facebook is all for getting reports about security vulnerabilities, but reporters have to check them on test accounts, rather than on the accounts of real people. And definitely not on Zuck’s own page.