Facebook Paid $10,000 To A 10-Year-Old For Hacking Instagram (thenextweb.com) 62
An anonymous reader writes: Facebook has paid $10,000 to a 10-year-old hacker who discovered how one could hack into Instagram and delete comments made by users. Speaking to local publication Iltalehti, Jani said: "I would have been able to eliminate anyone, even Justin Bieber." The Finnish hacker just became the youngest person to receive cash from Facebook for hacking its products. The previous record was set by a 13-year-old back in 2013. What's funny is Jani isn't technically old enough to sign-up and use Facebook or Instagram, as it's supposed to be restricted to those under the age of 13. Jani found he could alter code on Instagram's servers and force-delete users' posts. This was confirmed by Facebook using a test account and patched in February, Facebook told Forbes. Facebook has received more than 2,400 valid submissions and awarded upwards of $4.3 million to over 800 researchers since the bounty program launched in 2011.
Re: (Score:2)
Well, it can entertain entertain someone and make this someone less bored and productive, as well, its a quite fun story.
But seems like it did the opposite effect on you.
Re: (Score:3, Insightful)
How does a 10 year old getting paid $10k by Facebook affect my life or most people's lives in any significant manner? I'd really like to know.
Again, I would ask why you think it matters to anyone that you, personally, aren't interested in this particular story.
Slashdot isn't here to cater to your personal tastes. If you're not interested in a particular story, just ignore it, you moron.
I expect I'll be downmodded into the oblivion of -1 because nobody can give me a good answer.
No, you'll get downmodded because it's a stupid question from an idiot.
Re: (Score:1)
Slashdot isn't here to cater to your personal tastes. If you're not interested in a particular story, just ignore it, you moron.
Yes, you are right of course. The users of a site (that is - the only ones who give that site any ability to make money via ads and paid accounts) should never, ever question any decision made by that site. They should certainly never question such things using the most reasonable and effective means available to them - by posting on that site using the Post button provided by the site itself. I mean, they should never get so carried away as to do something so strange and extreme!
By the way, you could apply your own logic about stories that get posted, to the comments that get posted. Perhaps posters of comments also aren't here to cater to your personal tastes, or your personal ideas of what they should or shouldn't post about. You could have ignored that.
Does that make you a moron? Or are you somehow ... a special case?
You made a stupid and pointless comment, and now you're upset that some people think that? Stories that should be questioned have no relevance to technology, and this most certainly does. You haven't even backed up your point at all besides "eh, I don't like it", and guess what, that's not a good reason for a public newsfeed. Furthermore, you don't have the right to challenge him, because you begged the question:
Can anyone give me a good answer as to how this affects anyone other than the 10 year old? I don't think you can.
He was responding to your invitation, so don't even start that he should ignore you. Furthe
Re: Simple question (Score:1)
You know that cows guy? After like 10 years of reading this site, I think it finally hit me - you're all fucking cows! No human would argue such ridiculous shit on the Internet when they have much better human things to do.
Re: (Score:2, Insightful)
No. The post was modded down because "how does this affect my tiny little world" is your version of "Frosty Piss".
You already know the answer: "Nobody cares whether this affects you or not, because nobody cares about you in general."
Good bye. I'll read you again when you manage to reach a (Score:1)
Re: (Score:1)
Your post started at -1 because like so many others you are a coward.
Re: (Score:3)
Pro tip. Create an account and log in to post. For many (perhaps most or even all) people, posts by ACs start at -1. This is sensible since most AC posts are completely worthless. Since there is really nothing in your post to suggest it should be significantly modded up, you are likely stuck in that hole.
Re: (Score:2)
What would be the approximate method? (Score:1)
missed opportunity! (Score:5, Funny)
"I would have been able to eliminate anyone, even Justin Bieber."
ah hell, i would have paid him $20K if he actually had. *sigh*
$10K to Facebook is cheap! (Score:5, Insightful)
Frankly, this is smart on Facebook's part... For $10K they avoided a serious flaw in their systems that they didn't catch. Had they not offered the money, he might not have told them.
Or he might have, but better safe than sorry.
10 years old? Sheesh, Facebook should hire the kid! :)
Re: (Score:2)
That's the reason for these programs in the first (Score:3, Interesting)
place - that they don't have to hire anyone. It's another form of temp worker program. They don't owe benefits don't owe pension or 401k matching nor do they even have the possibility of being sued despite the kid being too young to work basically anywhere.
How much would they have paid a professional security firm or on staff IT to audit them and get this result?
Re: (Score:2)
Funny how this is always the narrative taken. Either the kid is a genius, or the Big Internet Company sucks. Never is it suggested that hacking is so easy, 10 years old can do it.
Re: (Score:1)
Never is it suggested that hacking is so easy, 10 years old can do it.
... BECAUSE the Big Internet Company sucks. Look, billion-dollar companies can buy loads of security experts who really know their stuff. These people have been studying security a lot longer than Junior has been alive. They know how to audit and test systems, preferably before going live. But you keep more of those billions by going el-cheapo. You get what you pay for.
Facebook sucks more than Generic_Internet_Corp for a variety of reasons. Zuckerberg's hostile and condescending attitude towards his o
Re: (Score:2)
"Billion-dollar companies" face the exact same security issues and get hacked by 10 years old kid (or their equivalent) all the time. And their "top" security experts can't do much about it. I know, I'm one and I work for one.
The reason these companies fail isn't because their personnel sucks, but because hiking IS easy. Or, more precisely: the cost (in term of time, effort, expertise, etc.) to hack one of the many systems a typical big company has is completely dwarfed by the cost of securing those systems
Re: (Score:2)
Adopting new coding language is part of the long-term solution, yes, but that's only a small portion of the solution. Security isn't all about software vulnerabilities.
Re: (Score:2)
but kinda sorta mostly is when considering hacking is a remote activity... typically.
Re: (Score:1)
10 years old? Sheesh, Facebook should hire the kid! :)
Reeks of one of those cases, where it was actually the parents who did all the work and then attributed all credit to their kid.
2400 in 5 years? (Score:1)
That's approaching Microsoft's territory.. and their codebase is substantially larger and more complex. How are those H1-B workers doing, Mark? Getting what you're paying for?
Try him like an adult (Score:1)
then lock him up for twenty without parole. He's a hacker, it's the law!
2400 security issues in 5 years (Score:4, Interesting)
That's more than 1 a day. Maybe Facebook should improve their software development.
And with 1 security issue a day do you really want to put your "private" info on that system.
Re: (Score:3)
And with 1 security issue a day do you really want to put your "private" info on that system.
I have never understood why anyone has ever used anything other than "public" on social networking, because the only safe thing is to assume that it's all public anyway.
With that said, I picked up a habit for public blathering with my first website when I was 15, and the web was shiny and new. It doesn't seem to be going away.
Re: (Score:2)
Because Facebook is good at marketing.
The only reason you have privacy controls is because the illusion of privacy results in people giving up more information for you to harvest than if they didn't.
The adage of never posting online what you don't want the world to know has always been true (at least since the 80s, probably since earlier) b
Under 13 (Score:2)
Re: (Score:3)
Re: (Score:1)
But his parents did. Do you really think the kid found the hack? Or maybe he got a little assistance?
The cynic in me also notes that if the bounty money is counted as income, and since Finland has progressive taxation, the tax on this would be significantly smaller due to having no income at the age of 10.
Re: (Score:2)
UKism? (Score:5, Interesting)
> it's supposed to be restricted to those under the age of 13
Is this an Anglicanism I don't know about? In U.S. English, "restricted to" means "only allowed for," e.g. "R-rated movies are restricted to viewers over 17." Viewers under 17 are restricted from viewing them.
Re: (Score:2)
He didn't assume it. He was asking if the phrase meant the opposite in UK English as it does in US English. If so, he would then have concluded that the author of the summary (or article) was British.
Re: (Score:2)
Re: (Score:1)
This is one of those cases where TFS is accidentally correct. Once you turn 13, you should no longer be on Facebook or Instagram.
Re: (Score:3)
You're right. In American English anyway.
"Restricted to X" means available only to X.
How did he do it? (Score:3, Insightful)
TFA gave a lot of useless information and stats but nothing actually of interest.
How did he do it seems like a more appropriate question.
Re: (Score:2)
In all likelihood, this part of the story isn't even public. I highly doubt Facebook/Instagram released the technical details of the hack, and since the hacker got paid, I don't think he'll be sharing that info either. By the way, this part in the summary is particularly troubling: "Jani found he could alter code on Instagram's servers and force-delete users' posts." He could alter code on the servers? I kind of hope it was just journalists misrepresenting the truth, and it was just a simple case of the URL
Lol, even kids hack it (Score:1)
Sadly after Finnish taxes that's more like $4000...
Also is int that bit embarrassing for big tech company that even kid can literally hack it?
What happens under TPP? (Score:1)
Would this kind of activity become illegal under TPP? Not just this particular example, but Facebook's bounty program in general? If the kid is from a country that refuses to sign TPP, could he still be prosecuted?
Re: (Score:2)
under the TPP they can say that 10K year is a good wage and that the US min wage is to high under a investor state dispute
funny (Score:1)
how they pay some while deny others
Only $10,000? (Score:3)
Re: Only $10,000? (Score:2)
What do you expect from a VC-backed company? The big bucks are for people with the right family connections, not for lowly plebs like this kid.
He should have taken an alarm clock apart (Score:1)
Then put the innards into a suitcase. That would have gotten him a scholarship offer from MIT and an invitation to the White House.