The idea that the Internet is a dangerous place is hardly a revelation: over the past few years, we’ve covered identity theft and LivingSocial hacks, LinkedIn breaches and data mining. We’ve talked about the myths of online security, allowed hackers to attack our accounts and even — in my case — discussed the aftereffects of a bank account breach. It would seem, at this point, that there wasn’t much more to be said about online predators.
And then Mark Zuckerberg was hacked.
For those of you who haven’t heard the news, a Palestinian man, Khalil Shreateh, recently broke into Zuckerberg’s account to highlight a dangerous security breach on the site. According to Shreateh, he repeatedly reported the vulnerability, which makes it possible for hackers to post to any user’s timeline, only to be told that it wasn’t a bug.
After sending two emails to Facebook’s “whitehat” security breach site, which promises a minimum $500 reward to people who identify bugs on the site, Shreateh decided to demonstrate Facebook’s vulnerability by posting to Zuckerberg’s timeline.
The message was benign: Shreateh began by apologizing for the breach of privacy, then pointed out the security gap — and the problems that he faced when he tried to report it. In return, Facebook (FB) put his account on lockdown, fixed the bug, and refused to pay him the $500 bounty, because he violated Facebook’s terms of service when he hacked Zuckerberg.
One could debate whether or not Facebook owes Shreateh cash (I’d argue that it does). Regardless, the larger question is whether or not the company’s security protocols are sufficient. Never mind that the billionaire head of the company — and all of its users — are vulnerable to attack; if Facebook can’t be trusted to follow up on tips sent in through its white-hat protocols, it’s worth asking if it can be trusted with the online lives of an estimated 1 billion users worldwide.
Bruce Watson is DailyFinance’s Savings Editor. You can reach him by e-mail at firstname.lastname@example.org, or follow him on Twitter at @bruce1971.