Igor VC

The Helsinki-based wunderkind, according to Finnish publication Iltalehti, discovered he could alter code on Instagram servers to force delete users’ words. “I would have been able to eliminate anyone, even Justin Bieber,” he told the paper.

Facebook told FORBES that Jani verified his report by deleting a comment the company posted on a test account. A spokesperson confirmed the bug was patched in late February and the $10,000 reward handed to Jani in March. The problem lay in a private application programming interface (the slice of code allowing certain outside access) that wasn’t properly checking the person deleting the comment was the same one who posted it, the spokesperson added.

Some serious bugs have been found in Instagram in recent memory. Not all have gone rewarded, as in the case of researcher Wes Wineberg, who uncovered “shocking” bugs in December 2015 that allowed him access to a vast amount of internal Instagram data. Facebook believed he’d gone too far in proving his point, denying Wineberg a bounty.

According to Facebook’s latest update, the bug bounty programm has awarded more than $4.3 million to more than 800 researchers around the world. In 2015, it paid $936,000 to 210 researchers for a total of 526 reports. Whilst many American and European hackers have submitted hacks, Indian researchers have disclosed more bugs than any other nationality. The previous youngest recipient of a bounty was just 13.