Facebook Gives $10k to 10-year-old who Hacked Instagram
A 10-year-old who isn’t old enough to have a Facebook or an Instagram account has been awarded $10,000 by Facebook for discovering a security flaw in Facebook-owned Instagram, which makes him the youngest ever recipient of a Facebook bug bounty.
Jani [full name withheld], a 10-year-old from Finland is the youngest ever recipient of a bug bounty from Facebook after the hacking whizkid discovered a vulnerability on Instagram that allowed him to delete any comment on the application.
Jani, a cybersecurity security enthusiast in his young years took to learning about information security through videos on YouTube.
The young Finnish ace and his brother frequently look for vulnerabilities on applications and programs and have discovered a few in the past, albeit ones that are far too small to get bounties for.
Jani discovered that the Instagram comment field contained a vulnerability that allowed him to delete any Instagram user’s comment. Jani was able to alter code within Instagram servers to basically wipe out or forcibly delete users’ comments.
Speaking to local publication Iltalehti, Jani said:
I would have been able to eliminate anyone (any user’s comments), even Justin Bieber.
He duly proceeded to email Instagram to notify them of the vulnerability. A few days later, Instagram responded to notify Jani that the vulnerability had been patched. They also gave him a thank you gift, with $10,000.
Facebook told FORBES that Jani had even verified his claim of a vulnerability by deleting a comment that the social media giant posted on a test account.
The vulnerability, a spokesperson for Facebook revealed, lay in a private application programming interface that allows external access. Notably, the interface was failing in checking if the person deleting a comment was the same person who posted it to begin with.
The bug was patched in late February, soon after confirmation while the reward was bestowed upon Jani in March.
Jani intends to buy a new bicycle and a football with the money. Also, computers, for him and his brother.
Jani dreams of being a cybersecurity expert. He said:
It would be my dream job. Security is important.
He certainly has gotten off to a great start.
Featured image from Shutterstock.