A 10-year old boy has found a security flaw in Instagram and, for his efforts, been rewarded $10,000 by Facebook. He claimed that he could delete user comments – intrigued, security engineers decided to test whether this was true or not.
They set up a dummy account and, unsurprisingly, found that the youngster could easily wipe out comments left by anyone on Instagram.
“I tested whether the comments section of Instagram can handle harmful code,” he was quoted as saying. “Turns out it can’t. I noticed that I can delete other people’s comments from there … I could have deleted anyone’s – like Justin Bieber’s for example – comments.”
The reward was given as part of Facebook’s Bug Bounty program. Payment is discretionary, but over the last five years, $4.3 million has been paid out by the social network.