Facebook pays $10,000 to a 10-year-old boy for finding security flaw in Instagram

Image capture from CNBC video
  • A 10-year-old boy found a security flaw in Instagram
  • The Finnish boy said he could delete other people’s writings in the comment field
  • Facebook, which owns Instagram, rewarded him with $10,000

A ten-year-old boy from Finland received $10,000 from Facebook through its “bug bounty program” that rewards those who report vulnerabilities in its services after alerting the tech giant to a security flaw in its photo-sharing service, Instagram.

Facebook acquired the photo-sharing company for $1 billion in 2012.

Jani, whose last name was not divulged on his parents’ request, discovered a way to access Instagram’s servers and found the security flaw.

The boy, as noted by Finnish news site Iltalehti, is not even old enough to own an Instagram account, but was able to discover a devastating flaw in the photo-sharing platform. He found he could delete comments posted by Instagram users.

“I just tested if the comment field in Instagram could withstand malicious code. It didn’t. I realized I could delete other people’s writings. I could have deleted comments from anyone, Justin Bieber for example,” Jani, a self-educated Information Technology security expert, told Iltalehti.

Jani sent an email to Instagram and notified them of his findings. A couple of days later, he received a reply. The tech company reportedly created a test Instagram account and posted a comment. The boy was asked to delete the comment. So he did. The reward was later sent to him.

Jani said he will use the money to buy himself a new bicycle and a football.

He became the youngest bug bounty hunter, a title previously held by a 13-year-old boy, recognized by Facebook.