
Zuckerberg’s Facebook page? I’ll livestream its deletion, says hacker

A Taiwanese bug hunter says that he will livestream his attempt to delete Mark Zuckerberg’s Facebook page this weekend.

Chang Chi-yuan is something of a minor celebrity in Taiwan, having regularly publicised security holes in online services, and even appeared on TV talk shows describing how boredom has driven him to “dabble” in hunting for bugs in the hope of earning cash through bounties.

His past activities have seen him recognised on, for instance, the “Hall of fame” page of Japan’s popular Line messaging service.

But perhaps Chang Chi-yuan became most notorious when he was reportedly sued for hacking into a Taiwanese bus operator and buying a ticket for just one Taiwanese dollar (equivalent to a mere US $0.03). Perhaps unsurprisingly, the bus company was not amused.

More recently Chang has claimed to have found a loophole in Apple Pay that allowed him to buy 500 iPhones for just one Taiwanese dollar.

The method Chang might use to erase Mark Zuckerberg’s Facebook page hasn’t been shared in advance, but it certainly wouldn’t be the first time that such a high profile page on the social network has been targeted.

For instance, in 2013 a Palestinian researcher defaced Zuckerberg’s page after becoming frustrated that Facebook’s security team had not taken his claims of a security vulnerability seriously.

Facebook’s security chief ultimately admitted that his team had made mistakes, but still refused to pay the researcher a bounty.

But what Chang is suggesting is different. He is not only claiming that he will completely take down Zuckerberg’s Facebook page, but he’s announcing his plans in advance, and is planning to stream his attempt live on the internet.

This alerts Facebook’s security team not only to the potential for an attack this weekend, but also to who is behind it.

With such an audacious announcement, one would hardly find it surprising if Facebook chose to take action beforehand such as – perhaps – shutting down the researcher’s Facebook account. Of course, Chang could probably create another Facebook account – but one still needs to remember that unauthorised modification of Zuckerberg’s Facebook page is a criminal offence.

If you believe you have found a vulnerability in a product or online service, the responsible thing to do is to report it to the company concerned, and work with them to have it fixed in a responsible, timely fashion.

The wrong thing to do is hack into the company without their permission to demonstrate the flaw. That might raise your profile on TV stations, but could result in you ending up in legal hot water.

It remains to be seen if Chang keeps his promise and attempts to hack into Mark Zuckerberg’s Facebook page. No doubt there will be some people, especially in light of recent Facebook revelations, who will be cheering him on.

My advice, however, would be that he should cancel his plans and communicate directly with Facebook’s security team rather than engage in such a stunt.

About the author


Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.


  • So does this threat and the recent discovery about the 50-90 million potential affected token-harvested Facebook accounts have anything in common? It was about time to do an audit?

  • I like your YouTube-link to the Taiwan TV-show, especially since it doesn't have any subtitles. I guess you know what they're saying, Graham? As always, your skills by far exceed mine :-)