Want CNET to notify you of price drops and the latest stories?

Hacker community rallies to reward Facebook bug finder

In just 24 hours, supporters have pooled together $10,000 to reward Khalil Shreateh for discovering a vulnerability in the social network.

Jennifer Van Grove Former Senior Writer / News
Jennifer Van Grove covered the social beat for CNET. She loves Boo the dog, CrossFit, and eating vegan. Her jokes are often in poor taste, but her articles are not.
Jennifer Van Grove
2 min read
Screenshot/Jennifer Van Grove/CNET

Nice-guy hacker Khalil Shreateh is receiving an outpouring of financial support from people who believe his discovery of a Facebook vulnerability deserves some type of reward.

Shreateh is the security researcher who, after failed attempts to report a vulnerability through proper channels, exploited the bug to report the flaw directly to Facebook CEO Mark Zuckerberg -- on his wall. The bug, which Facebook has since repaired, allowed anyone to post to the walls of people they weren't friends with on the social network.

Shreateh's efforts may have saved us all from some embarrassing or confusing wall posts, but his good deed is going unrewarded by Facebook, which typically pays for vulnerabilities reported through its Bug Bounty program. The social network is standing by its policy of not doling out rewards to researchers who have tested bugs against real users, a company spokesperson confirmed to CNET.

Now a fundraising campaign on GoFundMe is attempting to right what some believe is Facebook's wrong. Marc Maiffret kicked off the altruistic initiative on Monday to raise $10,000 for Shreateh. Just 24 hours later, people have pooled together more than $9,000 through the crowdsourced bounty payout program.

"Let us all send a message to security researchers across the world and say that we appreciate the efforts they make for the good of everyone," said Maiffret, chief technology officer at security compliance company Beyond Trust.

"We all made facebook, not just Mark Zuckerberg alone. And now, we should pay the person who helped make it safer for all of us," commenter Ha Lemon wrote on the campaign page.

The sentiment seems to be a popular one as 87 people have ponied up to make donations thus far.

Update, 5:15 p.m. PT: The campaign exceeded its $10,000 goal late Tuesday afternoon. Maiffret tweeted that he has to figure out a way to transfer the funds to Shreateh.