Facebook Pays 10-Year-Old $10,000 for Exposing Instagram Security Flaw

Mark Zuckerburg
 David Paul Morris/Bloomberg via Getty Images

This gets a like! Facebook rewarded a 10-year-old boy with $10,000 for uncovering a security flaw on Instagram. Jani, whose last name isn’t being shared at the request of his parents, found a way to delete any comment on Instagram, the photo-sharing app bought by Facebook in 2012.

He became the youngest recipient ever of a Facebook bug bounty, which compensates security researchers and hackers who disclose flaws. (The youngest before Jani was a 13-year-old.) According to The Washington Post, Jani verified his findings by deleting a comment that Facebook posted on a test account. The tech company confirmed it patched the bug, which wasn’t properly checking that the person deleting the comment was the same person who posted it, in February, and Jani was paid a month later.

The computer whiz didn’t even need to make an account to delete the comment, which would have violated Instagram’s terms of service since users must be at least 13 years old to sign up. Since Facebook started the bug bounty program in 2011, it has spent about $4.3 million on rewards to more than 800 researchers, according to The Washington Post. Jani’s compensation was much higher than the average payout of about $1,780.

Finnish publication Iltalehti was first to report the news, and Jani told the newspaper (translated): “I would have been able to eliminate anyone, even Justin Bieber.” He also revealed he plans to buy a new bike, soccer gear and upgraded computers for himself and his twin brother with the money, and that he dreams of a career as a security expert, Iltalehti reports. 

Sign up now for the Us Weekly newsletter to get breaking celebrity news, hot pics and more delivered straight to your inbox!

Want stories like these delivered straight to your phone? Download the Us Weekly iPhone app now!