Hearing that a security research was paid big money for finding a critical bug isn’t anything surprising these days, but it is surprising when that researcher is 10 years old. A kid going by the name of “Jani” (full name not disclosed as requested by his father) took a leisurely stroll through Instagram’s code, and what he stumbled upon was a vulnerability that let him delete any comment he wanted.
The kid reportedly found a way to delete any Instagram comment he wanted. While it’s not quite as potent as spoofing or deleting entire accounts, being able to delete comments is still a pretty big deal. Jani was given $10,000 upon demonstrating the vulnerability to Facebook as part of the company’s bug bounty initiative.
The father suggests both Jani — whose coding aspirations began in video games and later evolved to information security — and his brother spend lots of time looking at the code of popular websites and apps to see if they can find any holes. This is the first one they’ve ever been paid for.
It highlights a change in the world where young people are being exposed to technology sooner than ever before. Not only are they using it, but they’re starting to understand the deep intricacies behind how it works. In Jani’s case, he taught himself how to do it from YouTube.
It’s something for the boys’ father to be proud of, for sure. Jani says the money will go toward equipment for football and a new bike, though both he and his brother have already used much of it to buy new well-deserved computers.