If you think hackers always make money by engaging in criminal activity, then you are wrong! Giant companies like Google and Facebook now have bug bounty programs in which security researchers are rewarded for disclosing existing flaws in their systems.
The previous year, Google released results showing that hackers were rewarded $3 million throughout 2016. Recently, a high-school student from Uruguay was rewarded with $10,000 because he managed to discover a vulnerability in Google.
The student, who goes by the name Ezequiel Pereira, says that he found the vulnerability after a bout of boredom last month, when he was playing with Google services using a web security testing tool known as Burp Suite.
He was using Burp Suite to find the vulnerability and, after many failed attempts, he found that the internal web page of yaqs.googleplex.com didn’t have a username or password check in place. Googleplex.com hosts several Google App Engine applications.
Ezequiel Pereira wrote: “The website’s homepage redirected me to ‘/eng’, and that page was pretty interesting, it had many links to different sections about Google services and infrastructure, but before I visited any section, I read something in the footer: ‘Google Confidential’.
“At that point I stopped poking at the website and reported the issue right away, without even thinking of a better way to show the vulnerability than with Burp.”
He also shared screenshots of the email exchanges with Google’s security team from the same day. Google’s security team confirmed that the bug he reported was indeed valid. Pereira says he was surprised when he received $10,000 from the Google team for his work a month later.
Google has since resolved the vulnerability. Pereira wrote: “The bug has been fixed now, and, according to Google, the large reward was because they found a few variants that would have allowed an attacker to access sensitive data.”
Giant companies like Google, Microsoft, and Apple offer huge rewards to encourage people to report security flaws in their services.