A 10-year-old kid from Finland found a bug allowing access to Instagram servers and delete any text posted by Instagram users.
If a security researcher wants to take part in Facebook’s bug bounty program there is an age requirement but the 10-year-old Finish kid Jani ( the last name not revealed) hacked Instagram and reported it to the Facebook and got 10,000 USD as a reward.
The Finnish news site Iltalehti reported that Jani earned $10,000 by taking part in Facebook‘s bug bounty program, which offers big bucks to hackers and researchers for discovering and reporting vulnerabilities and security flaws in Facebook. This also includes Instagram as Facebook owns the picture and video sharing platform.
The security flaw discovered by Jani allowed him to delete comments and descriptions from an Instagram picture. In his demonstration, Jani deleted several comments made on the picture-sharing-social media as a test. That’s not all, Jani said he could even delete comments made by Justin Bieber. Jani and his twin brother have been discovering security flaws in other websites but this was the first time when they decided to officially alert the social media giant, according to their father.
This is not the first time when Instagram had a critical security flaw. In December 2015, Wesley Wineberg, an independent security researcher, participating in Facebook’s bug bounty program, managed to crack his way through Instagram defenses and almost get complete control over the service. Soon after the researcher disclosed the vulnerability to Facebook, the company threatened to sue, instead of paying the reward he was due for his work.
Facebook is known for paying a huge amount of money to researchers coming up with critical vulnerabilities and bugs. Just a week ago, Taiwan-based researcher, Orange Tsai was paid $10,000 by Facebook after noticing a bug in one of the social media’s systems. He also found malware in Facebook’s staff server. In March 2016, a security researcher was paid $15,000 for reporting a critical flaw allowing anyone to access users’ password on Facebook.
The bug bounty program has been a success. Facebook revealed that the social media giant received more than 13,000 entries from hackers and security researchers in 2015 however only 526 were reported as valid. So if you think you can find security flaws in Facebook’s digital infrastructure go for it and get paid.