Facebook’s founder Mark Zuckerberg has rewarded a 10-year-old $10,000 for discovering a vulnerability in Instagram.
The Finnish schoolboy, only known as Jani, is the youngest person to receive a bounty from Facebook. He discovered a bug which allowed people’s comments on Instagram posts to be deleted; the bug was reportedly fixed in February and Jani was rewarded in March.
According to the Helsinki-based newspaper Iltalehti, the young boy and his twin brother had been interested in coding and video games for two years. Jani became interested in information security and continued to learn the skill watching instructional videos on YouTube.
“I tested whether the comments section of Instagram can handle harmful code. Turns out it can’t. I noticed that I can delete other people’s comments from there,” the young hacker told Iltalehti. “I could have deleted anyone’s – like Justin Bieber’s for example – comments.”
Facebook has announced that its bug bounty programme has awarded more than $4.3m to more than 800 researchers. Only recently, professional bounty hacker Orange Tsai uncovered another hacker’s backdoor installed on Facebook’s company servers, which had access to employee credentials and was also rewarded $10,000.
Penetration testing is where security researchers are hired to deliberately find vulnerabilities in systems and report them back. Facebook has a bug bounty program in place which pay rewards to anyone who can find problems with its websites or systems.