Facebook Wrong in Refusing to Pay Helpful Hacker

Grow Your Business, Not Your Inbox

Stay informed and join our daily newsletter now!
Former Editorial Director at Entrepreneur Media
3 min read

Hey, Facebook: Pay the man.

A hacker found a flaw in Facebook, reported it, eventually (and that's the sticky part) got results and then went for the $500 he was owed as part of Facebook's own bug-bounty program.

Facebook has declined. Why? Because the hacker didn't follow the company's rules.

The story is simple, and without dispute. A person identifying himself as a Palestinian named Khalil found that he could actually post information on other people's Walls, even if they weren't friends. So he put a message on the wall of Sarah Goodin, who is a college friend of Facebook founder Mark Zuckerberg. He then alerted Facebook.

Facebook's response? It's not really a bug.

Knowing that he was right, Khalil escalated the issue in an innovative way: He posted a message on Zuckerberg's own Wall, with an apology (and less-than-Oxford grammar).

“Dear Mark Zuckerberg,” his post read. “First sorry for breaking your privacy and post to your wall , I has no other choice to make after all the reports I sent to Facebook team.”

That certainly got Facebook's attention. It fixed the bug, and then decided to shoot the messenger.

First, Facebook suspended Khalil's account “as a precaution," as if Khalil might do the unthinkable and point out another flaw.

Then, it blamed him for not explaining himself correctly. "Unfortunately your report to our Whitehat system did not have enough technical information for us to take action on it," a company engineer wrote to him. "We cannot respond to reports which do not contain enough detail to allow us to reproduce an issue."

Then, to make it clear that this whole, unfortunate incident was Khalil's fault, the company told him he can't get the $500 bounty “because your actions violated our Terms of Service." You see, Khalil did a very naughty thing by discovering this bug and exploiting it, Facebook reminded him, when he should have alerted the company to the problem and let the very helpful and responsive Facebook staff fix it. Oh wait...see above.

Facebook could be making lemonade out of this lemon, but it instead has made lighter fluid. The money is small, as the company has paid out about $1 million in bounties over the past two years. It is a small price to pay for making this issue disappear.

Plus it is the right thing to do. Facebook set up the bounty system to reward people for pointing out its flaws. It is a cheap, easy way to ensure quality. Khalil helped Facebook. He didn't harm the company in any way. Maybe Zuckerberg didn't like someone hacking his page, but it didn't have to come to that.

But what about the principle involved? Didn't Khalil exploit the flaw? Yes, but only because Facebook refused to see it had a problem. It argued with him. Worse, it blamed him. Rather than citing a technicality, it should be more introspective about its own handling of the situation. If the company doesn't want to compensate Khalil, is it equally looking into the compensation of all the Facebook employees who touched this issue and did nothing?

Pay the man. Facebook has benefited greatly from the incident. Why should Khalil have to pay for that?

Tell us what you think. Did Facebook mistreat Khalil? 


More from Entrepreneur

Our Franchise Advisors are here to help you throughout the entire process of building your franchise organization!
  1. Schedule a FREE one-on-one session with a Franchise Advisor
  2. Choose one of our programs that matches your needs, budget, and timeline
  3. Launch your new franchise organization
Make sure you’re covered if an employee gets injured at work by
  • Providing us with basic information about your business
  • Verifying details about your business with one of our specialists
  • Speaking with an agent who is specifically suited to insure your business
Discover a better way to hire freelancers. From business to marketing, sales, finance, design, technology, and more, we have the freelancers you need to tackle your most important work and projects, on-demand.

Latest on Entrepreneur