Boy (10) wins $10,000 after hacking Instagram
Published 04/05/2016 | 13:08
A 10-year-old boy has been rewarded a bug bounty of $10,000 (£6,900) after he discovered a flaw in Instagram's servers that let him delete users' comments from them.
The Finnish boy called Jani, who is not yet old enough to have an Instagram account of his own, claimed that he was able to delete comments and captions on high profile accounts, including that of Justin Bieber.
Jani didn't actually breach any user information on Instagram's servers, but demonstrated the hack by deleting comment on a test account.
After finding the vulnerability, Jani sent an email to Instagram. Instagram responded that it had fixed the security flaw and rewarded Jani with the bounty.
Internet security: The five worst ever cyber hacks Internet security: The five worst ever cyber hacks Play! 02:06
Jani and his twin brother started developing their technical skills by coding games.
"Then I started to take an interest in information security and started watching videos on YouTube," said Jani.
The boys' father was unaware that his children had such advanced skills, and was shocked to hear that Jani had managed to hack Instagram.
"I was quite surprised that Jani had learnt so much," said Marko, Jani's father, speaking to Finnish publication Iltalehti.
Jani and his brother have found a couple of security flaws in other websites in the past, but the Instagram one is their biggest finding to date. The $10,000 is the first monetary reward that either of the boys has received for their findings. Jani told Iltalehti that he plans to spend it on a new bike and football.
Last December, Facebook threatened to sue researcher Wesley Wineberg after he managed to hack into Instagram and gain almost total control of the social network.
Facebook paid 210 security researchers a total of $936,000 (£646,000) in 2015. Just over 100 of the flaws among those were considered "high impact". In the first three weeks of the bug bounty program, which started in 2011, Facebook paid out £25,000.
The social network rewarded an ethical hacker with $15,000 (£10,350) in March after he demonstrated how a simple piece of software enabled him to hack into any Facebook account.