Hacked: Hacking Finance

Facebook Gives $10k to 10-year-old who Hacked Instagram

Introduction

Samburaj Das

Samburaj Das

Samburaj is the contributing editor at Hacked and keeps tabs on science, technology and cyber security.


LATEST POSTS

ChronoPay Looks to Kickstart Bitcoin Adoption in Russia 29th May, 2017

Alleged FBI Hacker Lauri Love Ordered to US Extradition by UK Home Secretary 15th November, 2016

Cybersecurity

Facebook Gives $10k to 10-year-old who Hacked Instagram

Posted on .
This article was posted on Tuesday, 21:03, UTC.

A 10-year-old who isn’t old enough to have a Facebook or an Instagram account has been awarded $10,000 by Facebook for discovering a security flaw in Facebook-owned Instagram, which makes him the youngest ever recipient of a Facebook bug bounty.

// -- Discuss and ask questions in our community on Workplace. Don't have an account? Send Jonas Borchgrevink an email -- //

Jani [full name withheld], a 10-year-old from Finland is the youngest ever recipient of a bug bounty from Facebook after the hacking whizkid discovered a vulnerability on Instagram that allowed him to delete any comment on the application.

Jani, a cybersecurity security enthusiast in his young years took to learning about information security through videos on YouTube.

The young Finnish ace and his brother frequently look for vulnerabilities on applications and programs and have discovered a few in the past, albeit ones that are far too small to get bounties for.

// -- Become a yearly Platinum Member and save 69 USD and get access to our secret group on Workplace. Click here to change your current membership -- //

Jani discovered that the Instagram comment field contained a vulnerability that allowed him to delete any Instagram user’s comment. Jani was able to alter code within Instagram servers to basically wipe out or forcibly delete users’ comments.

Speaking to local publication Iltalehti, Jani said:

I would have been able to eliminate anyone (any user’s comments), even Justin Bieber.

He duly proceeded to email Instagram to notify them of the vulnerability. A few days later, Instagram responded to notify Jani that the vulnerability had been patched. They also gave him a thank you gift, with $10,000.

Facebook told FORBES that Jani had even verified his claim of a vulnerability by deleting a comment that the social media giant posted on a test account.

The vulnerability, a spokesperson for Facebook revealed, lay in a private application programming interface that allows external access. Notably, the interface was failing in checking if the person deleting a comment was the same person who posted it to begin with.

The bug was patched in late February, soon after confirmation while the reward was bestowed upon Jani in March.

Jani intends to buy a new bicycle and a football with the money. Also, computers, for him and his brother.

Jani dreams of being a cybersecurity expert. He said:

It would be my dream job. Security is important.

He certainly has gotten off to a great start.

 Featured image from Shutterstock.

 

Important: Never invest money you can't afford to lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here.



Feedback or Requests?

Receive New Posts on Email:



Samburaj Das

Samburaj Das

Samburaj is the contributing editor at Hacked and keeps tabs on science, technology and cyber security.

There are no comments.

View Comments (0) ...
Navigation
Fingerprint censors are all the rage in mobile phones these…