[emilenchev]

In 2017 Facebook's recovery login form has a bug. At first glance, nothing special. They ask you to enter your phone number, then show you your profile PICTURE and account NAME.

https://www.facebook.com/login/identify/?ctx=recover&ars=fac...

Then I asked myself a simple question "What if...?" Facebook has around 2 billion monthly active users in 2017. This was roughly about 1/4 of the human population. "What if...I make a BOT to create RANDOM phone numbers and it starts making requests to Facebook's servers to reap their user phones, profile photos and names from their database?" Their users are so many that I will always hit a number sooner or later if there is no protection system against automated requests.

Guess what? I start to reap phone number after phone number of their users and Facebook had no proper protection against automated bots requests :-)

Carefully considered synchronized bots attack on Facebook servers and soon you will have the phones, picture and names at least of 1/6 of the earth population. How much will this information cost?

But I was moral enough (and dumb) to provide them with information about this SECURITY bug on the proper channel and Facebook technical support. 'That would at least bring me a few thousand dollars' I thought naively then. After all, information about this bug was sent to them according to all their rules for "Bug Bounty", I have not retrieved information about their users except to verify this security breach... I even sent them Python program code with which they can see for themselves how it retrieve phones from their database.

Not only did they not pay me a penny for bounty reward - they didn't tell anyone about this security breach in 2017 - they quietly fixed their "login form" so that this bug can no longer be used and exploit.

This happens when you try to be moral and there are crooks in front of you.

[emilenchev]

Mark Zuckerberg, because I know you will read this in person, I will tell you 2 words only "SEC 2018". I think you're smart enough to understand me ;-)

$1M, for the service I did for you in 2017. I understand why you hacked my personal computer and your desire to check if I had extracted personal information about your users BUT to steal intellectual property from it that does not belong to you... https://www.sciencemag.org/news/2017/11/artificial-intellige... ... this is the reason why you will pay me $1M not $10K as for ordinary bug bounty reward.

It will be very strange when someone Emil Enchev from Bulgaria publishes an article in https://arxiv.org/ which demonstrates translation algorithm which not need a two-way dictionary, something you're just talking about yet, and he claims that you plagiarized from him by hacking into his personal computer.

It can easily be shown that you have changed your login form from 2017 exactly to block exploiting of bug I talk about - and the question will be how do I know why you made this change when you have never announced this publicly?

It will be a little awkward if you try to challenge the new rising star in AI which demonstrates new algorithms in this field (far above what Facebook owns) that have no analogue, carefully described and with all the program code behind them.

But the catastrophe for Facebook will come after that. What will happen when I open my mouth about 2018 "BIG FACEBOOK HACK" and SEC? So, Mark, I know you understand perfectly well what I'm talking about. Better someone from Facebook to contact me on the specified email and we to solve the problem with your financial obligations to me. I told you above $1M now, or $100M after several months - your choice.

emilenchev1978@yahoo.com

[emilenchev]

And by the way, https://www.sciencemag.org/news/2017/11/artificial-intellige..., around 2015 I proposed to one of the most renowned European universities to decipher one of the famous undeciphered writing systems if they provide me with the data they have about it. A conversation began about the way I intend to do it. They were really shocked when I told them that I would translate the text without the need for additional two-ways dictionaries(Rosetta Stones). They started wanting me to provide them with the algorithms I was talking about. Of course this did not happen - and they refused to give me access to their database. But believe me, they will remember who I am ;-)

Our copyright dispute will end quickly Facebook.

[emilenchev]

And Mark, you may be tempted to think you can bribe SEC investigation - and superficially you may be right. But it won't matter, even if you succeed. With what I will say about the management of Facebook in 2018 around so called 'big hack' - it will be enough to make some of your investors so mad that to tear you apart alive :-) You will not survive this new Facebook storm. You better pay me this $1M that Facebook owe me.

P.s. And to tell you the truth, in addition to the scandal that will break around Facebook and you personally, I doubt whether you will actually be able to bribe the SEC and stop the subsequent investigation. But as always you know better. You're trying to fuck the devil - ask Boeing and Dennis Muilenburg what was the result of their same experience. Better pay Idiots. I really have no great desire for my name to be involved in such a scandal, from the very beginning of its creation and promotion around the world. But I can't afford to have some morons,like you, to talk after time how they fuck me in the past, while drinking in bars ;-) No one will fuck me with impunity. I hope you understand what I mean, even with my broken English.