2 comments

[ 8.7 ms ] story [ 72.9 ms ] thread
After receiving the third bug report, a Facebook security engineer finally admitted the vulnerability but said that Khalil won’t be paid for reporting it because his actions violated the website’s security terms of service.

This is really a shame. The guy more than deserves the bounty.

You're correct. He had no other choice to gain recognition. He reported twice moreover.