This week Facebook went a little red-faced after its security team didn’t respond to a serious security bug that had been reported by one of its users. The user in question, who went by the name of “Khalil”, discovered a flaw that allowed users to post to other users’ Timeline without being friends with them. Khalil initially reported this to Facebook’s security team, but says that he didn’t get very far.
So Khalil did the next best thing and posted on Mark Zuckerberg’s wall, using the flaw itself to demonstrate it. Of course, this immediately got the team’s attention, and the security loophole was subsequently fixed.
While Facebook hasn’t said much about the incident, a post by a Facebook security team member reports that the bug has been fixed. The post goes on to say that Facebook should have pressed for more information, and that the team was initially working from very few details, which did not highlight the severity of the flaw.
Facebook added that it hopes Khalil and other White Hat hackers will continue to report bugs and help improve the site.