Facebook bug bounty payment
Security & Fraud

Boy Scores $10K For Uncovering Instagram Bug

Facebook made a $10,000 payment to a 10-year-old Instagram hacker.

The boy found a glitch in the picture-sharing social platform’s code and was rewarded significantly by Facebook for the discovery. The child now holds the record for the youngest recipient of Facebook’s bug bounty program, Reuters reported on Wednesday (May 4).

"I wanted to see if Instagram's comment field could stand malicious code. Turns out it couldn't," the boy reportedly told a media outlet in Finland. "I could have deleted anyone's comments from there. Even Justin Bieber's," he continued.

According to Reuters, Facebook confirmed that the bug was fixed in February and Jani, whose last name was not released, received his winnings in March.

Facebook isn’t the only company that’s benefited from instituting a bug bounty initiative.

Earlier this year, PayPal thwarted a security vulnerability that would have enabled malicious emails to be sent from its platform.

The issue was patched after it was revealed by researcher Benjamin Kunz Mejri of German firm Vulnerability Lab, which found the application-side Web encoding vulnerability within the official PayPal online Web application.

PayPal awarded Mejri with $1,000 for discovering the vulnerability and submitting it to the company’s bug bounty program, which encourages professional security researchers to submit any security flaws or issues they find directly to PayPal for the chance to win up to $10,000.

The U.S. federal government has also launched its own pilot program that will allow hackers who are cleared through a criminal background check to look for security bugs and vulnerabilities in certain U.S. Department of Defense (DoD) systems.

The Hack the Pentagon Bug Bounty pilot will run until May 12.

The department announced that it will partner with Bug Bounty-as-a-Service firm HackerOne for its program, which the company described as an effort for the DoD to “explore new approaches to its cybersecurity challenges and evolve to adopt the best practices used by the most successful and secure software companies in the world.”

While specific bounty payments have not been disclosed, the DoD said it will depend on a number of factors and will come from the program’s $150,000 in funding.



Banks, corporates and even regulators now recognize the imperative to modernize — not just digitize —the infrastructures and workflows that move money and data between businesses domestically and cross-border.

Together with Visa, PYMNTS invites you to a month-long series of livestreamed programs on these issues as they reshape B2B payments. Masters of modernization share insights and answer questions during a mix of intimate fireside chats and vibrant virtual roundtables.

Click to comment