This is a security flaw that the founder of Facebook, Mark Zuckerberg, has not been able to ignore: it was reported directly on his page by a Palestinian security expert, Khalil Shreateh.
To bring this bug, overlooked by Facebook's security team, to the attention of the social network's owner, the researcher has just published a message on his page. Except that, in principle, he should not have been able to do so.
No reward for the researcher
It was the vulnerability he had identified that let him do so. The flaw allows users to post messages on the timeline of other Facebook members, even if they are not on their friends list.
Khalil Shreateh therefore demonstrated it by posting this warning in the message thread of Mark Zuckerberg himself. The bug had not yet been taken up under Facebook's security program, in which bounties are awarded to researchers for responsible disclosure.
A few minutes after his demonstration, Shreateh was contacted by the social network's IT security team, and his Facebook account was disabled as a "precaution". The flaw has also since been corrected.
But there was no reward for the security expert. Facebook held that the researcher had violated its terms of use and had also not followed the principles of responsible disclosure.