Hit or miss? Facebook denies reward to hacker pointing out security flaw

When 'white hat' hacker Khalil Shreateh told Facebook about a security flaw that allowed anyone to post on a stranger's wall, he was told it 'was not a bug'.

Hacked off: Mark Zuckerberg
Hacked off: Mark Zuckerberg

So he took it to the top, using the bug to write a message on the Facebook wall of founder Mark Zuckerberg (pictured). The hack won him publicity, but the company said it violated its terms and refused to pay him the usual $500 reward for informing it of security threats. 

How I see it

Matt Park, MD of social, The Red Consultancy 

Peel away the sensationalism around the choice of target and we’re left with the frustrated actions of a hacker who tried to help Facebook but wasn’t taken seriously.

Facebook’s reaction to the hack might seem muted from a pure PR point of view: suspending the hacker’s account, confirming that no reward will be paid out as he bypassed the official reporting system, and limiting the comms response to a post on a hacker forum.

Facebook might have generated short-term PR goodwill by paying the reward but this would have declared open season for hackers to expose security flaws publicly, and then demand payment for doing so.

Its response is designed to protect its interests and credibility in the longer term, which all good PR should do.

Was Facebook's decision a hit or a miss? Tell us in the comments, below.

Have you registered with us yet?

Register now to enjoy more articles and free email bulletins

Already registered?
Sign in