10-year-old gets bounty for finding Instagram vulnerability

A 10-year-old schoolboy from Finland has become the youngest recipient of a £7,000 ($10,000) award under Facebook’s bug bounty program, after he found a vulnerability that allowed anyone to delete comments on Instagram simply by planting malicious code into the photo-sharing app.

Jani—who at the tender age of 10 is considered too young to use Facebook by the company’s own rules—outshines an unnamed 13-year-old cyber enthusiast, who once held the title of the youngest person to receive a bug bounty reward from the free content ad network.

In fact, the Finnish kid might well be the youngest publicly acknowledged bounty hunter—a title that appeared to have been previously held by Alex Miller from California, who received £2,000 from Mozilla back in 2010 at the age of 12.

Jani made the discovery in February, and notified Facebook of the vulnerability, which was claimed to have been fixed quickly.

“I tested whether the comments section of Instagram can handle harmful code. Turns out it can’t,” Jani told the local paper Iltalehti, translated by the Guardian. “I noticed that I can delete other people’s comments from there,” the youngster told Iltalehti. “I could have deleted anyone’s—like Justin Bieber’s, for example—comments.”

Jani has been interested in coding and video games since the age of eight, Iltalahti reported. He dreams of a job in the information security industry, and has been learning about the trade from instructional videos on YouTube.

The ethical hacker received his bounty in March, and reportedly plans to spend the money on a football and a new bicycle. His school chums and parents are said to be quite surprised by the news.

by (UK) – May 4, 2016 2:00pm BST

Full article:

Source: 10-year-old gets $10,000 bounty for finding Instagram vulnerability | Ars Technica

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.