Jani (full name not revealed), a 10-year-old from Finland, was rewarded $10,000 by Facebook for uncovering a flaw in Instagram. Facebook is operating a ‘bug bounty’ programme, which rewards those who report vulnerabilities in its services, including Instagram. Jani is currently the youngest recipient of the Facebook bug bounty following his discovery of a vulnerability that allowed him to delete any comment on Instagram.
This Helsinki-based boy could alter the code on Instagram servers to force-delete users’ words. Jani verified his bug report by deleting a comment the company posted on a test account. The bug was later patched in late-February, and he received his reward in March. The problem was with a private application programming interface, which is the piece of code allowing certain outside access. It was not properly checking whether the person who is deleting a comment is the same one who posted it.
“I would have been able to eliminate anyone, even Justin Bieber comments from there,” young Jani said, according to a Google translation of the Finnish publication Iltalehti.
According to the latest update from Facebook, the bug bounty programme has awarded more than $4.3 million to more than 800 researchers around the world. In 2015 alone, it paid $936,000 to 210 researchers for 526 reports. The youngest recipient before Jani was 13 years old. Interestingly, while many American and European hackers have submitted hacks, Indian researchers have disclosed more bugs than any other nationality.
Jani plans to spend his prize money on a new bicycle and a football. Amusing is the fact that according to the rules of Facebook, Jani is too young to have an Instagram account, since the recommended minimum age is 13.