Instagram has rewarded 10-year-old “Jani” with $10,000 for finding a flaw in the popular social media platform.
Jani found that he could change code on Instagram’s servers and force-delete users’ posts. According to Forbes, he ultimately verified the bug by deleting a comment the company had posted on a test account.
A spokesperson for Instagram has since confirmed the bug was patched in late February and that it handed the reward to Jani in March.
Jani is now the youngest beneficiary of Facebook’s Bug Bounty program. The previous record was set by a 13-year-old.
It’s evident that bug bounty programs are on the rise. Facebook reported earlier this year that since 2011, its bug bounty program has received more than 2,400 valid submissions and awarded over $4.3 million to 800 researchers around the world.
Facebook isn’t alone, either. Security, as an industry, continues to embrace bug bounty programs.
Last week, Hackerone cofounder Jobert Abma stated in an interview that in the past eight months he had made an additional $80,000 from bug bounties alone. Abma went on to reveal that he intends to earn an extra $100,000 from bug bounties in 2016, a goal which he claims he is on track to meet:
“There are some hackers making $200,000 a year [from bug bounty programs], and about 20 making $100,000 annually,” Abma said. “I know someone who is going for $500,000 this year as his personal goal. He’s capable.”
The growth of bug bounties is certainly inspiring. With any luck, it will deter some potential and current black hat hackers, while encouraging them to contribute to the white hat community instead.
Stories where people like Jani get involved in cybersecurity at such a young age are always encouraging to read.
It was just two years ago that David Bisson of Tripwire interviewed young Reuben Paul, an eight-year-old CEO and ambassador for cybersecurity awareness.
Reuben spoke to Bisson about his history and accomplishments, as well as plans in the future.