Facebook security hacker proves point - by posting to Mark Zuckerburg's wall

“Sorry for breaking your privacy [to post] to your wall, I has no other choice to make after all the reports I sent to Facebook team," the Palestinian hacker wrote on Zuck's wall, which is for his friends only - something he really shouldn't have been able to do.

See, Facebook and other big tech companies run a bounty system, where people who discover security holes and report them get paid cash - at least US $500, and maybe a whole lot more - as encouragement to report them.

Technology news site Techcrunch, though, has the full story, where Shreateh tried to report it, only for a clueless security team member on the other side to keep telling him there was no problem.

"In his initial report of the bug, Khalil demonstrated that he was able to post on anyone’s wall by submitting a link to a post he’d made on the wall of Sarah Goodin (a college friend of Zuck’s, and the first woman on Facebook," Techcrunch reports.

"Unfortunately, the member of the Facebook Security team who clicked the link wasn’t friends with Goodin, whose wall was set to be visible to friends only. As a result, they couldn’t see Khalil’s post."

So, the security team member couldn't seem to understand how this worked on Facebook - not a good sign - and kept telling Shreateh there was no bug. So, after a couple of attempts to get the idea across, Shreateh posted right to the company founder's wall to prove his point.

Apparently he got a reply in the next few minutes.

But, sadly, it looks like the hacker won't get his prize, because he broke Facebook's rules in exposing the security flaw - because he attacked a user's wall to get his point across. Sure, in this case the user is the company founder, but Facebook says it can't reward that kind of thing.

Techcrunch has the full story.