A 10-year-old boy from Helsinki received $10,000 from Instagram for finding a serious bug in the app’s comment feature.
According to Finnish media, the boy—named only as Jani—found he could delete other people’s comments by inserting malicious code into the comment field. Jani said he could even have executed the attack against the account of Justin Bieber, if he wanted to.
Facebook-owned Instagram confirmed that Jani was the youngest person to get paid through its “bug bounty” program.
Like many larger online firms, Instagram pays security researchers to inform it of the vulnerabilities they find and to encourage them to locate bugs before miscreants do.
Jani told Instagram about the flaw in February and collected his reward the following month. He said he will use to buy a new bike.
The company has paid out over $4.3 million since 2011 to over 800 researchers. It is not uncommon for teenagers to submit reports, but a 10-year-old is something else.
Unsurprisingly, Jani told Finnish newspaper Iltalehti that he wants to work in cybersecurity when he grows up.