10-year old cashes on Facebook bug bounty program

A 10-year old from Finland successfully discovered and reported an Instagram flaw, and was handsomely rewarded by Facebook.

What were you doing when you were 10-years old? Chances are it was not as profitable as this youngster from Finland.

Earlier this week, it was announced that a boy named Jani (surname not disclosed) became the youngest person to be rewarded by Facebook’s bug bounty program.

10-year old cashes on Facebook bug bounty program

He discovered an Instagram flaw that allowed him to delete a comment made by any user on any account, “even Justin Bieber,” as he told Finnish publication Iltalehti.

Jani reported the bug to Facebook, the parent company of Instagram, and confirmed the report was by deleting a comment the company posted on a test Instagram account. A spokesperson stated that the bug was fixed in late February after being discovered. And as reward for his discovery and subsequent reporting while also not abusing the bug, Jani received $10,000 from Facebook.

This certainly isn’t the first bug to be found on Facebook or Instagram. Since its 2011 launch, Facebook’s bug bounty program has paid $4.3 million to over 800 different researchers worldwide. In 2015 alone, $936,000 was paid out to 210 vigilant white-hats around the world.

While Jani is now the youngest recipient of a Facebook bug bounty, he is not the first minor to receive a reward. The previous record holder was 13.

If you’re wondering what got Jani interested in cybersecurity at such a young age, he says he first picked up tips from YouTube videos, and now he’s interested in joining the industry in the future. He has become aware of just how important security is, and he says joining the cybersecurity industry would be his “dream job.”

But for those who fear that Jani is letting his childhood slip away too fast, fear not: he says he plans to spend his bounty money on football and a new bike.