Facebook may have stiffed Palestinian security researcher Khalil Shreateh, but the Internet is riding to the rescue.
And the white hat hacker stands to collect a whole lot more than the $500 reward Facebook won’t pay him for discovering a zero-day vulnerability on the site—thanks to a GoFundMe collection taken up for Shreateh, he’s currently parlaying that relatively paltry sum into $10,000 and counting.
After Shreateh discovered a glitch that he said allowed people to post to other Facebook users’ Timelines, he notified the social network’s bug-disclosure and bounty program in several emails but got the brush-off in response.
So the unemployed bug-hunter upped the stakes, big time. A few days ago, Shreateh used the loophole he’d discovered to post a message about the glitch on Facebook CEO Mark Zuckerberg’s own profile page.
That certainly got everybody’s attention.
Facebook hastened to fix the vulnerability but, in the aftermath of the embarrassing episode, made it known that Shreateh wouldn’t be paid the $500 reward the bounty program offers to folks who notify the social network about such glitches. It turns out you’re not supposed to actually hack the site to prove that an exploit you’ve discovered is a real thing. That little no-no is actually plainly stated in the program’s guidelines.
So that puts Facebook in the position of being technically correct about withholding a reward for Shreateh. But it’s a decision that apparently doesn’t sit well with a lot of people, nonetheless.
And some of them are doing something about it.
On Tuesday, ZDNet’s Michael Lee spotted the GoFundMe campaign to raise some cash for Shreateh. It was started on Monday by BeyondTrust CTO Marc Maiffret, who kicked in $3,000 to get the ball rolling.
As Lee reports, Firas Bushnaq, the founder of BeyondTrust property eEye Digital Security, added another $3,000 and then it was off to the races—in less than 24 hours, contributors have taken the fund all the way to its $10,000 goal and beyond.
As of Tuesday evening, the tip jar for the man who hacked Mark Zuckerberg contained $10,320.