It’s become increasingly common over the past few years for tech companies to reward hackers with cold hard cash whenever they discover and promptly report critical software bugs. Some companies, with Google and Microsoft being two prime examples, even officiate hacker contests to help squash as many bugs as possible.
With that as a backdrop, one would think that Facebook would have been a bit more forgiving when dealing with an intern who discovered a security flaw affecting the company’s Messenger app. Coming straight out of Harvard, Mark Zuckerberg’s alma mater, intern Aran Khanna was on the verge of starting an internship with the social networking giant this summer before having the offer withdrawn.
Khanna not only discovered a location-based security flaw in Facebook’s Messenger app, but he also created a Chrome browser plugin dubbed Marauder’s Map, which effectively allowed users to see the exact locations their friends were chatting from.
As Facebook tells it, their primary objection wasn’t the software itself, but rather Khanna’s refusal to promptly remove it upon Facebook’s request. If true, Facebook’s termination of Khanna’s internship seems defensible.
But as Khanna tells it, he did, in fact, remove the Chrome plug-in that so offended Facebook’s sensibilities.
…Facebook asked him to deactivate the extension. He did, but also updated his Medium post and the extension’s description to make it clear that Facebook asked him to disable the map.
Three days after the extension was posted, and two hours before he was supposed to leave to start his internship, Khanna received a call from a Facebook employee telling him that the company was rescinding his summer internship offer. Khanna said he was told that he violated the Facebook user agreement when he scraped the site for data.
Khanna further writes that he subsequently received an email from Facebook which explained that they also took umbrage at the fact that he posted information about the security flaw in a Medium blog post.
You can check out Khanna’s full detailing of the security flaw, Facebook’s fix, and the events surrounding his withdrawn internship in an extensive write-up Khanna penned on TechScience.org.