Google has rewarded an Uruguayan high school student $10,000 after he exposed a security flaw that could have been exploited by hackers to access sensitive data.
The Uruguayan high school student, Ezequiel Pereira wrote in his blog post that his achievement came as a result of 'feeling bored' one day. After many unsuccessful attempts, he finally found one internal web page that didn't require a username or any other information to access.
"It had many links to different sections about Google services and infrastructure, but before I visited any section, I read something in the footer: 'Google Confidential'," the student wrote in a blog post. "At that point, I stopped poking at the website and reported the issue right away," he added.
Google’s security team replied saying they would look into the issue and fix the bug.
“I thought to myself ‘Cool, this is probably a small thing that isn't worth a dime, the website probably had some technical stuff about Google servers and nothing really important’,” he recalled. “I don't know what the website did contain, but some weeks later I got an email right after getting out of school that said my report was worth much more than a dime.”
Google later paid him $10,000 as a part of its Vulnerability Reward Programme(VRP) which offers monetary rewards to those who report bugs.