Facebook promises to pay researchers a minimum of $500 for every successful bug that they file with the social network, but when Khalil Shreateh discovered a major flaw that allowed users to post on anyone's profile regardless of their privacy settings, the company refused to pay him because of how he carried out his tests. Several days later, supporters of Shreateh's work have rallied together and raised over $11,000 to hand over to the security researcher in light of Facebook's snub. The fundraiser was held on GoFundMe, and the organizer is reportedly in contact with Shreateh, who is aware of the effort.
Although Shreateh identified and reported a major bug in the social network, Facebook chose not to pay him because he violated the company's terms of service by posting on Mark Zuckerberg's wall without permission. The fundraiser's organizer, Marc Maiffret, writes that he hopes the crowdfunded response speaks to the importance of security researchers. He doesn't deride Facebook for ignoring Shreateh, and instead suggests that it's representative of a hurdle that security researchers must be aware of. He writes, "Working with technology companies can sometimes be frustrating, [security researchers] can never forget the greater goal; to help the Internet community at large."