How a 10 Year Old Earned Big For Discovering Instagram Bug?


There are various websites offering recognition and compensation for reporting bugs in the name of bug bounty programs. We have seen many instances where an individual has been facilitated by companies like Facebook and Google for identifying vulnerabilities in their application.

It requires immense talent to identify the loopholes in an application designed by Tech giants like Facebook and Google. However, if you are just 10 years old, it is difficult to even imagine.

Recently, a 10 year-old Finnish kid has done something that is quite hard to believe. He has just become the youngest ever to be facilitated by Facebook for discovering a comment-deleting Instagram bug. I wonder, 10 year is not even an age to hold an Instagram or Facebook account. In fact, even Facebook founder Mark Zuckerberg started learning programming when he was 11.

This came as a big surprise for his family members, teachers, and friends, when he demonstrated that how he could easily delete any comment from Instagram. As we all know, Instagram has been a Facebook owned photo sharing app since 2012. As a part of their bug bounty program, Facebook has so far paid $4.3m to more than 800 people. However, this case is quite unique, as he is the youngest to receive the whopping sum of $10,000 from Facebook for his feat.

Facebook has claimed to have fixed that bug in Feb; however, the reward has been paid recently. According to sources, the 10-year old had an interest in coding and gaming for the past 2 years and had enhanced his skills by viewing instructional videos on YouTube. He also intended to pursue his career in information security.

The issue discovered by the boy was not accidental. He tested that the comments section of Instagram can’t handle harmful code; however, he can delete other people’s comment from there, though not in bulk. This was quite a threat, as he could have deleted anyone’s comment – like politicians or superstars.  The problem was actually with the private Application Programming Interface (API) that allowed access to outsiders. As a result, the code was not able to check the identity of the person deleting a comment.

The $10,000 bounty is a huge amount, considering the starting payout in Facebook‘s bounty program. He plans to buy a football and bicycle from the amount he received.

You may also like: Facebook Fixes the Bug Causing Threat to All Public Photos



Get A Free Quote

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.