10 Year Old Gets $10,000 Bug Bounty Reward

instagramA 10 year old boy from Finland recently uncovered a bug in Instagram that enabled users to input malicious code into the comments and actually delete other comments.  The bounty was part of Facebook’s bug bounty program that rewards ethical hackers for revealing code vulnerabilities to them.  It was started in 2011 and has paid out more than 2.95 million pounds for various bugs.

The 10 year old is named Jani.  He is interested in coding and video games, and plans on being involved in the info security industry when he grows up.  He has been self-educating via YouTube videos.  He found the vulnerability in February and has now become the youngest hacker to receive a bug bounty, beating the previous record holder Alex Miller who was 12 when he received a bug bounty reward from Mozilla in 2010.

Jani is actually, in fact, too young to even use Facebook according to the websites terms of service.  However he was still allowed to claim the bounty.  His plans for the dough?  A new bike and a football.

“I tested whether the comments section of Instagram can handle harmful code. Turns out it can’t,” Jani told the local paper Iltalehti, translated by the Guardian. “I noticed that I can delete other people’s comments from there,” the youngster told Iltalehti. “I could have deleted anyone’s—like Justin Bieber’s, for example—comments.”  (excerpt from website ARS Technica)

Many internet commenters jokingly lamented the fact that Jani didn’t delete Justin Beiber’s comments and instead turned in the bug for cash money.  Jani is what is called a “white hat” hacker.  There are white, black, and grey hackers according to the latest internet lingo.  The white hat hackers are ethical hackers, finding bugs and turning them in for reward or just the principal of it.

About the Author

Roger Feinstein has grown up with computers his entire life and strives to help others understand what goes on behind the scenes in their PCs. He's been writing tech articles for websites for over 5 years.

Leave a Reply

If you want a picture to show with your comment, go get a Gravatar.