A few hours ago, it has appeared that “Jani”, a 10 year old boy hacked Instagram from Finland, has been awarded a $US 10,000 (Rs. 10,00,000) bounty for hacking into Instagram by the social media giant Facebook who bought it for $US 1 billion in 2012.
Ironically the “hacker” is not legally allowed to have an account on Instagram or Facebook because of his age. The bug he found allowed him to delete the comments made by other users.
In February 2016, after discovering the flaw, Jani sent an email to the Facebook ( the owner of Instagram). To prove his claim, Facebook made a special account for him and when given access, he proved his claim.
Facebook told FORBES that Jani verified his report by deleting a comment the company posted on a test account. The problem was in a private application programming interface, that wasn’t properly checking the person deleting the comment was the same one who posted it or not?
Facebook in a statement later yesterday said that the bug was fixed immediately. By winning this bug bounty, Jani has now become the youngest ever recipient of such reward.
The child giving an interview to Finnish newspaper Iltalehti said that he is happy to bag the bounty and has planned to buy a new bike, football equipment, and computers for his brothers.
Financial bounties are given to successful hackers for two reasons. Firstly, the keep people checking the flaws in the security system and secondly because companies do-not-want the ethical hackers to sell the leaks to bad hackers.
Not all hackers are successful in winning bounties, as in December 2015, Facebook denied Wes Wineberg, a researcher who claimed to have an access to a vast amount of internal Instagram data. However, Facebook denied the bounty because it said, the hacker went too far in proving his point.