Facebook rewards child hacker with $10K bounty
A 10-year-old Finnish boy snagged $10,000 from Facebook for finding and reporting a security flaw he discovered on its photo- and video-sharing service Instagram. Given that the young hacker is three years shy of the age required to open an account on Facebook, he can鈥檛 even share the good news.
Jani, whose parents have asked media to withhold his last name, found a way to delete comments posted under images on other people鈥檚 accounts on Instagram. He said that he could delete anyone鈥檚 comments, even those of pop star Justin Bieber (though he didn鈥檛), he told Finnish newspapers.聽
The problem, which Facebook fixed in February, was with Instagram鈥檚 API, or application program interface, a way for developers to use Instagram data to incorporate its features into their apps. Instagram鈥檚 API is supposed to confirm that a user has the authority to delete a comment.
鈥淭丑补迟 properly,鈥 Melanie Ensign, a security representative at Facebook, explained to The Washington Post. 鈥淵ou鈥檙e only supposed to be able to delete comments that you own,鈥 she said.
It鈥檚 not unusual for Facebook, Google, Twitter, Yahoo, Microsoft, and others to court hackers with so-called bounties to help their internal teams identify and fix potential security problems 鈥撀燼nd to deter hackers from selling information about vulnerabilities to criminals or spy agencies.
Jani is among about who collectively have earned $4.3 million since 2011 through Facebook鈥檚 聽program. A typical bounty is $1,780, though that鈥檚 skewed high by several huge rewards, according to The Post.
The Finn is also the youngest Facebook hacker, beating out a 13-year-old for the title, and one of the highest paid by the company.
But there have been younger hackers. The youngest appears to be Kristoffer Von Hassel from San Diego, Calif., who on the online gaming service Xbox Live in 2014, when he was five. As a reward for his discovery, Kristoffer got four video games, $50, and a year-long subscription to Xbox Live from Microsoft.聽
鈥淚 was like...yeah!鈥 the youngster told CNN affiliate KVTV-10.
Not all young hackers take the noble route and report the flaws they uncover. In October a high-school student motivated by his dislike for US foreign policy聽 and posted some of their contents on Twitter.
He was arrested by British authorities聽in February, reported CBS News.
There's a way to help tech-savvy kids develop their skills, while discouraging them from using them to do harm. Parents of young hackers should embrace their talent and foster it, some say, while trying to steer the kids towards hacking for good.
鈥淗acker kids are not like other kids,鈥 Sabino Marquez, an information risk strategist, told 海角大神 recently. 鈥淵ou really have to cater to their sense of curiosity while simultaneously instilling iron-clad ethics to ensure that they do no evil,鈥 he said.
