Wednesday, May 4, 2016
10 year old earns $10,000 from Facebook for finding a security flaw in Instagram
Facebook founder Mark Zuckerberg didn’t even begin to learn programming until he got a tutor at 11 years old – so he may have met his match in a 10-year-old Finnish schoolboy who has received a $10,000 bounty from Facebook after finding a vulnerability in Instagram’s code.
Instagram, which was bought by Facebook in 2012 for $1bn, is part of the Facebook “bug bounty” program, created in 2011, under which people who spot chinks in Facebook’s digital armour are given a reward.
The program has paid upwards of $4.3m to more than 800 people who have spotted bugs in the social network’s programming, a spokesperson for Instagram said.
While reports from teenagers are not uncommon, at 10, the Finn is the youngest person ever to receive the bounty.
The bug allowed other people’s comments to be deleted, though not in bulk, and was reported and fixed in February. The reward was paid out in March.
The 10-year-old has been interested in coding and video games for two years, according to the Helsinki-based newspaper Iltalehti, which first reported the story. He has a twin brother, and the two have been learning together. He became interested in information security – which he said would be his “dream job” – and honed his craft using instructional videos on YouTube.
“I tested whether the comments section of Instagram can handle harmful code. Turns out it can’t. I noticed that I can delete other people’s comments from there,” the young hacker told Iltalehti. “I could have deleted anyone’s – like Justin Bieber’s for example – comments.”
His classmates were “surprised and astonished” by the reward, according to Iltalehi, and his father, Marko, told the paper that it had come as “a total surprise that [my son] has gone this far with it”.
“For me all this is social media gibberish – [it’s all] Greek [to me],” he added.
And what does a 10-year-old do with $10,000? He reportedly plans to buy a football and a new bicycle.