It makes me happy to see people who find and report bugs rather than hiding and exploiting them. I'm sure the monetary incentive doesn't hurt, either.
$10,000? Not to diminish what this child did in any way, but that is 4x what the person received who obtained access to<p>Static site content<p>Source code<p>SSL key pairs<p>iOS and Android app signing keys<p>iOS push notification keys<p>Email server credentials<p>Twitter, Facebook, Tumblr, Foursquare, and Flickr API keys<p><a href="http://exfiltrated.com/research-Instagram-RCE.php" rel="nofollow">http://exfiltrated.com/research-Instagram-RCE.php</a>
Do Facebook face some sort of liability under COPPA for allowing [condoning?] this under 13 yo - I'm presuming without verifiable parental consent prior to use - to use their services?<p>Perhaps the time for Facebook to fight COPPA (for better or worse) is coming soon?
Trying to remember that other incident, not with facebook, maybe microsoft, where it was a teenager and they wouldn't pay them because they weren't 18+<p>So good on Facebook (this once).<p>ETA: it was paypal <a href="http://seclists.org/fulldisclosure/2013/May/163" rel="nofollow">http://seclists.org/fulldisclosure/2013/May/163</a>
jesus when I was 10 years old I was barely programming on actionscript, which is now dead. Now at 28 I can't even make that kind of money in an entire year
Payed out to over 800 researchers? Wow that's a lot of security bugs. I wouldn't have guessed so many were possible. Imagine if they didn't have such a program!