Khalil Shreateh’s Facebook bug report has actually started to pay out, with more than $11000 USD so far. However, the money comes not from the company but from internet crowdfunding!
Palestinian security researcher Khalil Shreateh found a bug in Facebook and tried to report it to the Facebook authorities several times. After they neglected his reports, he posted about it directly on the wall of founder and CEO Mark Zuckerberg. Then came the reply from the company about solving the issue, along with another shocker: this action of hacking into another person’s account can’t be rewarded. Facebook subsequently contacted him asking for more information on how he had managed to find the bug and the exploit. They also told him that he had broken the Terms and Conditions of the Bug Hunting bounty program and was not eligible for the reward.
After this controversial incident, the whole internet community seemed to show sympathy towards the young security researcher from Palestine, and everyone came to know that his intention was only to earn $500 from the reward program, which the company denied him. Then came BeyondTrust CTO Marc Maiffret, who decided that Khalil deserved something more than a $500 bounty for his efforts. He set up a crowdsourced fundraiser with a goal of $10000 on GoFundMe and donated $3000 to start it off. Later, eEye Digital Security founder Firas Bushnaq also donated $3000. Then the actual fundraising began, which has brought the total to 11K+ ($10,910 is the current update).
He would have got his Facebook bounty if he had used a new test account for the bug report and provided complete, detailed information to the authorities. Facebook has already announced that bug hunters shouldn’t test on any live accounts to find threats, and that it may pay out a million dollars if anyone is able to find a million-dollar bug. What do you say: has Khalil got enough reward from the community, or does Facebook still have to change its mind?