Facebook Pays $10K Bounty To 10-Year-Old For Instagram Hack
A ten-year-old has been rewarded by Facebook for pointing out a security flaw in Instagram.
News reports claim the Finnish boy exposed a flaw in the photo-sharing social platform's code that allowed deletion of comments of others users. The boy, who remained unnamed by local media, has been learning coding for two years with his twin. The boy's parents however are not tech-savvy for the father has reportedly said social media is gibberish to him.
"I tested whether the comments section of Instagram can handle harmful code. Turns out it can't. I noticed that I can delete other people's comments from there," the boy told reportedly said. "I could have deleted anyone's - like Justin Bieber's for example - comments."
According to Christian Science Monitor, the problem was with Facebook's API that seeks a confirmation and authorization to delete comments. The API however was malfunctioning and was allowing deletion of comments with requisite authorization.
"That checking process wasn't working properly," Melanie Ensign, a security representative at Facebook, said. "You're only supposed to be able to delete comments that you own."
Facebook learnt of the flaw early this year and awarded the boy a $ 10k reward under its 'Bug Bounty' program.
"We recognize and reward security researchers who help us to keep people safe by reporting vulnerabilities in our services. Monetary bounties for such reports are entirely at Facebook's discretion, based on risk, impact and other factors," the program's description reads.
Around 800 people have exposed security flaws in Facebook's products and the company has paid about $ 4.3 million in rewards. At just 10, the Finn becomes the youngest hacker to get rewarded. He plans to buy a football and a bike with the money.