A 10-year-old boy in Helsinki, Finland just became $10,000 richer. The boy, Jani, discovered a bug in Instagram, so the company’s owner, Facebook, paid him $10,000 as a thank-you. Now that’s the kind of promotion any kid wants from their average allowance.
In an interview with Finland’s Iltalehti newspaper, Jani said, “I wanted to see if Instagram’s comment field could withstand malicious code. Turns out it couldn’t.”
Jani describes that he was able to write malicious code and alter any written content on the platform, noting he was able to delete any users comments, even Justin Bieber’s, if he wanted.
Jani is an aspiring security expert and emailed his discovery to Facebook. He then verified the report by deleting a comment the company posted on their test account, a spokesperson told Forbes.
Though this news is just now breaking, the bug was reported and resolved at the end of February and Facebook paid Jani his $10K in March. The reward comes out of Facebook’s “bug bounty” program, which offers a monetary compensation for users who find bugs or weaknesses in its platform.
On the bug bounty page, Facebook says it will investigate all legitimate reports and will work toward quickly resolving the issues. The page reads that, “We recognize and reward security researchers who help us keep people safe by reporting vulnerabilities in our services. Monetary bounties for such reports are entirely at Facebook’s discretion, based on risk, impact, and other factors.”
Since launching the bug bounty program in 2011, Facebook has awarded over $4.3 million to over 800 researchers. In 2015, they awarded $936,000 to 210 researchers with the average payout close to $1,780.
In his interview with Iltalehti, Jani says he plans to use the money for sporting goods and computers for his brothers.