10-year-old hacks Instagram, gets handed $10,000 by Facebook
A 10-year-old boy from Helsinki, Finland, has been given $10,000 by Facebook, after he managed to find an exploit in Instagram that allowed him to delete comments posted by other users.
Finnish news site Iltalehti reports that Jani – his last name is being withheld for security reasons – was awarded $10,000 as part of Facebook’s white-hat hacker bug bounty programme. The scheme offers rewards for hackers that uncover security flaws in Facebook’s infrastructure, including Facebook-owned services such as Oculus, Onavo and Instagram.
Jani told Iltalehti he was able to access Facebook’s servers and delete text comments on other users’ photos, including those of celebrities such as Justin Bieber. Jani demonstrated this to Facebook using a test Instagram account. Facebook has revealed that the vulnerability was due to a private application programming interface, which was failing to match the user posting a comment and the one deleting it.
According to the father of the boy, this isn’t the first time Jani and his twin brother – who is also apparently quite the hacker – have discovered security flaws online. It is, however, the first time they’ve received a sizeable payout for their efforts.
Facebook’s bug bounty programme launched in 2011 and, according to a 2015 release from the company, has paid out more than $4.3 million to more than 800 security researchers.