It would seem that hackers are getting younger these days, especially when you take notice about a 10-year-old kid in Finland who had found and reported a security flaw on the social networking platform Instagram. Instead of being fined for what the Finnish boy did, he was handsomely paid.
Finnish Boy Paid $10,000 by Facebook After Hacking and Reporting a Security Flaw in Instagram
Many might think that when you hack, especially if you do it on Instagram, you would get reported and fined for what you’ve done. But not Jani (his parents have asked the media to withhold his family name), the 10-year-old Finnish boy who was able to discover, exploit, and reported a security flaw in the popular social networking platform as he was handsomely paid the amount of $10,000 by the social media giant Facebook.
The young hacker is still three years shy from creating a Facebook account so he can’t share the good news. What he found was a way to delete comments that are found under images but are located on accounts that are not under his own. Therefore, he can delete anyone’s comments, even those from the Instagram account of one famous singing sensation Justin Bieber (except he didn’t) as the Jani told Finnish newspapers.
The problem here, in which Facebook had already fixed back in February of this year, is with Instagram’s application program interface (API), which is a way for developers to use the social media platform’s data in order to incorporate certain features into their own mobile applications. As for its API, it is supposed to confirm that the user has the authority to delete a particular comment.
A security representative at Facebook Melanie Ensign explained the following to The Washington Post: “That checking process wasn’t working properly. You’re only supposed to be able to delete comments that you own.”
While many would think that hacking is indeed a serious offense (which it is), but it is not unusual for Facebook, Twitter, Google, Yahoo, and even Microsoft to present bounties to court hackers in order to assist their internal teams in identifying and solving potential security problems. Doing so deters hackers that do have malicious intent from selling off information that they acquired illegally about a company’s vulnerabilities to criminals or other spy agencies.
Jani, the Finnish boy who successfully found a security flaw in Instagram, is just one of the approximate 800 hackers who have already collectively earned $4.3-million since the year 2011 as part of the Facebook bounty program.