A 10-year-old boy from Helsinki received $10,000 from Instagram for finding a serious bug in the app’s comment feature.
The previous record was set by a 13-year-old back in 2013, meaning this latest young hacker is the first person to crack a Facebook product that they aren’t technically even able to use, given that it’s supposed to be restricted to under-13s.
While clearly poking around where he shouldn’t have been, Jani found he could alter code on Instagram’s servers and force-delete users’ posts. This was confirmed by Facebook using a test account and patched in February, the company told Forbes
He said for now he will use the money to buy a new bike.
Where does this leave small businesses today that don't have the resource to invest in protecting against cyber security threats? Recruit 10 year old, ethically-minded bike lovers?
This is a real and present danger for all businesses today, and unfortunately many of us running a small business today were around for the Millennium bug hype. This was the last IT related campaign / scare that we paid attention to as a Nation and in our business community; unfortunately it proceeded to be quickly filed under 'what a waste of time' (WaWot).
Cyber security is not getting the top billing it should, possibly as it would terrify any small to medium sized businesses if they realised how open to exploitation they actually are. This has to change and that is why we have put together a service for SME businesses that makes it easy to take that first, simple step towards protecting their valuable company.
I would like to quote a line from the Usual Suspects: "The greatest trick the devil ever pulled was convincing the world he did not exist". Well your business can't take that chance, whatever you believe, even Keyser Soze is afraid of hackers!
According to Finnish media, the boy—named only as Jani—found he could delete other people’s comments by inserting malicious code into the comment field. Jani said he could even have executed the attack against the account of Justin Bieber, if he wanted to. Facebook-owned Instagram confirmed that Jani was the youngest person to get paid through its “bug bounty” program. Like many larger online firms, Instagram pays security researchers to inform it of the vulnerabilities they find and to encourage them to locate bugs before miscreants do. The company has paid out over $4.3 million since 2011 to over 800 researchers. It is not uncommon for teenagers to submit reports, but a 10-year-old is something else. Unsurprisingly, Jani told Finnish newspaper Iltalehti that he wants to work in cybersecurity when he grows up.