A 10-year old boy has found a security flaw in
Instagram and, for his efforts, been rewarded $10,000 by Facebook.
Jani, from Helsinki, Finland, sent an email to the
image and video sharing social network explaining that he had uncovered a
vulnerability back in February.
He claimed that he could delete user comments
– intrigued, security engineers decided to test whether this was true or
not.
They set up a dummy account and, unsurprisingly,
found that the youngster could easily wipe out comments left by anyone on
Instagram.
The reward was given as part of Facebook’s Bug
Bounty program. Payment is discretionary, but over the last five
years, $4.3 million has
been paid out by the social network.
News of this was first revealed by the Finnish
paper Iltalehti, which reported that Jani and his twin have
demonstrated a flair for computing and coding from a young age.
“I tested whether the comments section of Instagram
can handle harmful code,” he was quoted as saying.
“Turns out it can’t. I noticed that I can delete
other people’s comments from there … I could have deleted anyone’s – like
Justin Bieber’s for example – comments.”
A similar story made the headlines last year, when a nine-year
old boy from the US demonstrated his ability to hack an Android smartphone.
Reuben Paul showed that he could access a
supposedly secure device and steal information in just under 15 minutes.
“If a child can do it then a regular hacker can do
it … so I just want everybody to be aware [and to] be more careful when you
download games and stuff like that,” he was quoted as saying last year.