Yesterday, news that Facebook had refused to reward a white hat hacker who found a critical bug on the social network went viral and drew the attention of the white hat hacker community. The Facebook security team’s response prompted quite a reaction, with many condemning the team for refusing to reward Palestinian hacker Khalil Shreateh under its Bug Bounty programme while still fixing the bug shortly after.
As a result, Marc Maiffret, a former teen hacker and prominent security researcher, began a crowdfunded donation drive to reward Shreateh for his efforts and to encourage him further. He even chipped in $3000 to get the ball rolling. At the time of writing, the total donation has reached $7265 in only 11 hours. The donation drive aims to hit a goal of $10000, all of which will be sent to Shreateh, who has been unemployed for two years.
Wired also reports that a breakdown in communication played a part in the swift rejection of Shreateh’s bug report. In addition, by demonstrating the bug by posting on the wall of one of Facebook CEO Mark Zuckerberg’s college friends, Shreateh did not adhere to the SOP required to be eligible for the Bug Bounty, which among other things requires bug testing to be conducted on test accounts. On the other hand, Jesse Kornblum, a member of Facebook’s security team, acknowledged that the situation could have been handled better, and added that “mistakes were made on both sides”.
It remains to be seen if Facebook will provide any compensation to Shreateh.