After receiving the third bug report, a Facebook security engineer finally admitted the vulnerability but said that Khalil won’t be paid for reporting it because his actions violated the website’s security terms of service.
This is really a shame. The guy more than deserves the bounty.
2 comments
[ 8.7 ms ] story [ 72.9 ms ] threadThis is really a shame. The guy more than deserves the bounty.