Facebook has awarded $10,000 in prize money to a 10-year-old Finnish boy who found a security flaw on Instagram, which Facebook owns.
Jani became the youngest person to ever win Facebook’s “bug bounty,” which is awarded to users who find security flaws on Facebook’s various platforms.
“I wanted to see if Instagram’s comment field could stand malicious code. Turns out it couldn’t,” Jani told a Finnish newspaper, Reuters translates.
The security exploit was fixed in February, and the bounty was paid in March, Facebook said.
Jani doesn’t have a Facebook or Instagram account himself, but found out that he could delete comments from Instagram when he was learning coding from YouTube videos.
“I could have deleted anyone’s comments from there. Even Justin Bieber’s,” Jani said.
Jani is thinking about a career in data security—but for now, he’s buying a bike and a football with his reward money.
