OFFICIAL SECURITY BLOG
August 19, 2013 | BY Jérôme Segura
Last week, a Palestinian hacker found a flaw in Facebook that allowed you to post on anybody’s wall, even if you were not one of their friends.
After a couple of unfruitful reports to Facebook’s white-hat program, the hacker decided to go public in a big way by posting directly on the wall of Facebook’s founder Mark Zuckerberg.
This is not the first time someone attempts to report a bug and does not hear back. In some cases, companies prefer to turn a blind eye and silently fix the issue before it gets reported by the media.
However, this does not quite appear to be the case here, based on the email published by the Palestinian hacker:
First there’s the language barrier and also the lack of technical details. Also, Facebook’s bug bounty program clearly states hacks should be done on ‘test’ accounts, not real ones — he hacked Sarah Goodin’s account, one of Zuckerberg’s Harvard classmates.
Having said that, there is still quite an issue here with Facebook’s security and privacy. Granted, the fact that Facebook is the largest social network in the world makes it a popular target for hackers.
But is it enough to forgive the company for these security lapses when users are encouraged to share as much personal information as they can?
The fact of the matter is that vulnerabilities in Facebook have always existed and there will be more.
That’s a sober reminder that one should be cautious about what they share online, especially on social networking sites.
Jerome Segura (@jeromesegura) is Senior Security Researcher at Malwarebytes.