Jani, a 10-year-old boy from Helsinki, Finland, impressed Facebook’s CEO Mark Zuckerberg by hacking Instagram. This boy received $10,000 for identifying a security bug.
The 10-year-old Finnish kid has become the youngest ever recipient of a Facebook bug bounty after uncovering a vulnerability that allowed him to delete any comment on the photo sharing application.
“I would have been able to eliminate anyone, even Justin Bieber,” he told the Finnish publication at the “Iltalehti”.
White hat hacker at 10 years old
Jani, who is an aspirant security expert, sent his discovery to Facebook via email. He verified his report by deleting a comment the company posted on a test account. The bug was later resolved at the end of February. In March, the Instagram informed Jani that they fixed the bug he discovered and was awarded 9,000 euros (about $10,000).
The problem was on the private application programming that wasn’t properly checking the person deleting the comment was the same one who posted it.
Also, some serious bugs have been found on Instagram in recent memory. Not all have been rewarded, as in the case of researcher Wes Wineberg, who uncovered that, allowing him to access to a vast amount of internal Instagram data. Facebook believed he’d gone too far in proving his point, denying Wineberg a reward just like the one awarded to Jani.
10 and life
Jani plans to use the reward to buy a new bike, football gear, and new computers for his brothers, he said in the interview with Iltalehti. He got rid of a 13-year-old to become the youngest ever recipient of Facebook’s bug bounty program, which offers rewards to people who identify and report legitimate security risks.
Also, Jani told Finnish media he started picking up hacking skills from YouTube videos and now wants to join the industry. “It would be my dream job. Security is really important.”
This Facebook’s bug bounty program has awarded over $4.3 million to more than 800 researchers. The program determines the payout based on a bug’s risk, rather than how complex it may be, so the hardest the bug to detect, it’s worth more than those who are significative less serious. Just in 2015 about 210 researchers received $936,000 with an average payout of $1,780. The largest bounty paid on a bug before this one was about $20,000.