A hacker who discovered a Facebook bug was twice ignored by administrators -- until he posted the flaw on CEO Mark Zuckerberg's personal timeline.
But as The Daily Dot reports, Khalil Shreateh's brave move backfired spectacularly.
The Palestinian information systems expert last week warned Facebook he had found a glitch that allowed him to post messages on any user's wall, regardless of privacy settings.
To prove his bug worked, Shreateh tested it out on the Facebook page of Zuckerberg's Harvard classmate, Sarah Goodin, and twice sent a screenshot to administrators.
The second time, a rep relied saying: "I am sorry this is not a bug."
It was only after he posted the report on Zuckerberg's private wall did Facebook pay attention -- but it came at a cost.
Within minutes, an engineer requested more information but ignored his requests for reimbursement.
Facebook has a bounty program -- a "whitehat" system -- where it pays people to report bugs instead of using them or selling them on the black market.
However, Facebook temporarily shut down his account for violating the site's terms of service and denied him payment.
"Unfortunately your report to our Whitehat system did not have enough technical information for us to take action on it. We cannot respond to reports which do not contain enough detail to allow us to reproduce an issue. When you submit reports in the future, we ask you to please include enough detail to repeat your actions," Facebook wrote to him.
"We are unfortunately not able to pay you for this vulnerability because your actions violated our Terms of Service. We do hope, however, that you continue to work with us to find vulnerabilities in the site."
Get more tech news and reviews at News.com.au.