This 10-year-old got $10K from Instagram for one bug

Instagram

The latest bug bounty hunter who pinpointed a major security flaw in Instagram, netting himself a big reward, is only 10-years-old.

The youngster called Jani, who is from Finland, isn't even supposed to be on the social media site given his age (the minimum age limit is 13), but nonetheless he found the bug which let him delete comments left by other Instagram users.

He emailed the social network with his discovery in March, and Facebook, which owns Instagram, set up a test account for the boy, allowing him to prove he could leverage malicious code to delete comments – which he successfully did.

Facebook fixed the issue quickly, and as a successful bug hunter – with this being a major vulnerability – Jani was awarded a payment of $10,000 (around £6,900, or AU$13,300).

Bug for a bike

According to Iltalehti, the Finnish newspaper which reported the story, Jani is going to spend the money on a new bike, football paraphernalia and new computers for his brothers.

At first, his teachers and classmates didn't believe Jani's tale of bug discovery, but he ended up giving a presentation on his Instagram exploits and data security in school. The boy has been coding games for several years and has previously found minor bugs along with his brothers.

His ambition is to become a security researcher – a goal he is likely to achieve given that he's managed to find a 10 grand bug at the age of 10.

Facebook said it was swift to fix this flaw, but not as swift as Microsoft recently proved to be when patching up a hole in Office 365Redmond had the vulnerability sealed inside seven hours, no less.

Via: BBC

Darren is a freelancer writing news and features for TechRadar (and occasionally T3) across a broad range of computing topics including CPUs, GPUs, various other hardware, VPNs, antivirus and more. He has written about tech for the best part of three decades, and writes books in his spare time (his debut novel - 'I Know What You Did Last Supper' - was published by Hachette UK in 2013).

Latest in Security
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
URL phishing
HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
Ransomware
Cl0p resurgence drives ransomware attacks to new highs in 2025
cybersecurity
Chinese government hackers allegedly spent years undetected in foreign phone networks
Data leak
A major Keenetic router data leak could put a million households at risk
Code Skull
Interpol operation arrests 300 suspects linked to African cybercrime rings
Latest in News
Xbox Series X and Xbox wireless controller set to a green background
Xbox Insiders are currently testing a new Game Hub feature that looks useful, but I've got mixed feelings about it
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Microsoft Surface Laptop and Surface Pro devices on a table.
Hate Windows 11’s search? Microsoft is fixing it with AI, and that almost makes me want to buy a Copilot+ PC
Oura Ring 4
Activity tracking on Oura Ring is about to get a whole lot better, but I've got bad news about your step count
Google Pixel Buds Pro 2
Cleaned your Pixel Buds Pro 2 recently? If not, you might be getting worse sound
Google Maps on a phone being held in someone's hand
Google Maps is getting two key upgrades, for easier route planning and quicker access to Gemini AI