If you have not made your Facebook profile public, others should not be able to post to your wall or timeline. However, Khalil Shreateh, a self-styled IT security expert, discovered a vulnerability that let him post to other people’s walls without their permission.
Shreateh has said that he first reported the bug twice to Facebook’s security team via its White Hat Reporting service, but they took no action and said that there was no bug. Finally, he posted on the wall of Facebook’s owner, Zuckerberg, using the same vulnerability.
Shreateh has given a detailed outline of the events in a post on his blog, in which he claims that he first tested the same vulnerability on the wall of Sarah Goodin, who is a friend of Mark Zuckerberg.
The White Hat service mentioned above rewards people who report a bug with a minimum of $500. However, after Shreateh went ahead and posted on Zuckerberg’s wall, his Facebook account was blocked as the security team rushed to patch the vulnerability.
The exact details and nature of the exploit have not been made public. Had these been made public, users’ timelines might have been flooded with a lot of spam.