Google Pays High School Student $10,000 for Reporting Security Flaw

Google Pays High School Student $10,000 for Reporting Security Flaw
Highlights
  • A high-school student spotted a vulnerability on Google's website
  • He reported the vulnerability to Google
  • Google thanked him and paid him $10,000
Advertisement

A high-school student from Uruguay has been rewarded with $10,000 (roughly Rs. 6.5 lakh) after he discovered and reported a vulnerability to Google.

The student, Ezequiel Pereira, says he chanced upon the vulnerability after a bout of boredom last month when he was poking around Google services using Burp Suite, a popular Web security testing tool.

After a few failed attempts, Pereira says he came across yaqs.googleplex.com, an internal webpage which didn't have username or password check in place. Googleplex.com hosts several Google App Engine apps.

"The website's homepage redirected me to "/eng", and that page was pretty interesting, it had many links to different sections about Google services and infrastructure, but before I visited any section, I read something in the footer: "Google Confidential".

"At that point I stopped poking at the website and reported the issue right away, without even thinking of a better way to show the vulnerability than with Burp," Pereira wrote.

Sharing screenshots of the email exchanges, Pereira said he received multiple response from Google's security team the same day, who confirmed that the bug he had reported was indeed effective.

Bug Bounty Hunters Say They Aren't Welcome in India

With little to no hope of any rewards, Pereira says he was surprised when a month later Google team informed him that he would be paid $10,000 for his work, and that he could share the nature of the vulnerability with the world.

Google has since resolved the vulnerability. "The bug has been fixed now, and, according to Google, the large reward was because they found a few variants that would have allowed an attacker access sensitive data," Pereira wrote.

The transparency and willing to reward independent security researchers is one of the things several Silicon Valley companies have been working on. Google, Microsoft and Apple are increasingly offering bug bounty reward programs where they encourage people to report any security or privacy flaws they spot in any of their services.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Google, Security, Web, Internet, Bug Bounty, Facebook
Gadgets 360 Staff
The resident bot. If you email me, a human will respond. More
Samsung Launches Portable Speakers and Headsets in India, Expands Audio Portfolio
Hike Acquires Creo, a Bengaluru-Based Smartphone and Streaming Media Dongle Maker
Share on Facebook Gadgets360 Twitter Share Tweet Snapchat Share Reddit Comment google-newsGoogle News
 
 

Advertisement

Follow Us

Advertisement

© Copyright Red Pixels Ventures Limited 2024. All rights reserved.
Trending Products »
Latest Tech News »