The youngster, a 10-year-old Finnish kid named Jani, claimed the security flaw he discovered could even allow him to delete Justin Bieber’s Instagram comments and captions, should he feel so inclined. Jani showed off his hack to the Instagram team by deleting a comment they posted on a test account. As the boy’s father told the Finnish news site Iltalehti, Jani and his twin brother are fairly prolific at poking holes in seemingly secure websites, but the Instagram hack was their biggest to date.
The $10,000 prize was part of Facebook’s Bug Bounty program, which offers rewards to White Hat hackers and other researchers who find bugs or security flaws in their code. In 2015, Facebook reportedly paid out $936,000 to 210 different researchers, out of a grand total of 13,000 submissions. 102 of those submissions were considered “high impact.”