The boy uncovered a vulnerability in the photo-sharing service that let him delete text posted by users.
A 10-year-old from Finland may have a future in software development—or cyber crime.
Helsinki-based Jani (whose last name was not revealed) found a major flaw in Instagram’s servers, earning him $10,000, and the respect of white hat hackers everywhere.
The youngest person to be paid through Facebook’s bug bounty program, Jani uncovered a vulnerability in the photo-sharing service that let him delete text posted by users. “I would have been able to eliminate [comments by] anyone, even Justin Bieber,” he told Finnish news site Iltalehti.
Reported in February, the hole was quickly patched.
In March, Instagram handed over the cash, which Jani reportedly wants to use for a new bike and computer.
As part of the Facebook bug bounty program created in 2011, Instagram has paid more than $4.3 million to 800-plus researchers around the world.
And while it’s not uncommon to receive the occasional security report from teenagers, Jani set a new record for youngest bug sleuth.
Instagram, meanwhile, is expanding its advertising venture with new video ad carousels.
Initially introduced as a photo-based feature—a way for brands to share more content without taking up more space—the program now includes videos or a mix of clips and photos, according to TechCrunch.
Taking a page from Snapchat Stories, companies are encouraged to highlight three to five pieces of media, each no longer than 60 seconds.
Early adopters include Airbnb, Macy’s, and Taco Bell; take a sneak peak in the video below.