A 10-year-old with insane hacking skills just scored a $10,000 payout from Facebook for uncovering a serious flaw in Instagram.
The Helsinki-based boy, who can’t even open a Facebook account for another three years, found he was able to alter code on Instagram’s servers to delete comments posted by any account.
“I would have been able to eliminate anyone, even Justin Bieber,” Jani told Finnish paper Iltalehti. He proved this by deleting a comment Instagram had posted on a test account.
“The problem lay in a private application programming interface (the slice of code allowing certain outside access) that wasn’t properly checking the person deleting the comment was the same one who posted it,” reports Forbes.
Jani uncovered the flaw early this year, and Facebook confirmed the bug was patched in early February. Jani’s payout, which was issued in March, makes him the youngest hacker to claim Facebook’s bug bounty. The title was previously held by a 13-year-old.
Jani plans to spend his earnings on a bike, a football, and new computers for his brothers.
Since it launched in 2011, Facebook has paid out more than $4.3 million to over 800 researchers around the world as part of its bug bounty program, which rewards those who find and report legitimate security risks in its products.