The latest bug bounty hunter who pinpointed a major security flaw in Instagram, netting himself a big reward, is only 10-years-old.
The youngster called Jani, who is from Finland, isn’t even supposed to be on the social media site given his age (the minimum age limit is 13), but nonetheless he found the bug which let him delete comments left by other Instagram users.
He emailed the social network with his discovery in March, and Facebook, which owns Instagram, set up a test account for the boy, allowing him to prove he could leverage malicious code to delete comments – which he successfully did.
Facebook fixed the issue quickly, and as a successful bug hunter – with this being a major vulnerability – Jani was awarded a payment of $10,000 (around £6,900, or AU$13,300).
Bug for a bike
According to Iltalehti, the Finnish newspaper which reported the story, Jani is going to spend the money on a new bike, football paraphernalia and new computers for his brothers.
At first, his teachers and classmates didn’t believe Jani’s tale of bug discovery, but he ended up giving a presentation on his Instagram exploits and data security in school. The boy has been coding games for several years and has previously found minor bugs along with his brothers.
His ambition is to become a security researcher – a goal he is likely to achieve given that he’s managed to find a 10 grand bug at the age of 10.
Facebook said it was swift to fix this flaw, but not as swift as Microsoft recently proved to be when patching up a hole in Office 365 – Redmond had the vulnerability sealed inside seven hours, no less.