Google Bug Bounty Program Awards Teen $36,000

Must Read

Cyber-crime is one oft-repeated threat, which apparently doesn’t seem like slowing down. However, the only defence to this threat is security vigilance and awareness. A quick way to test the corresponding security measures is by incorporating bug bounty programs which have been on the maps of several companies, for a long time now. Although not all bug bounty programs provide remunerations, others can go as high as $36,000 like Google who recently awarded an Uruguayan teenager for exposing a security flaw.

The herculean search engine Google awarded an Uruguayan teenager with $36,000 for reporting a major vulnerability. The 18-year-old Ezequiel Pereira from Uruguay debugS a severe security hole which, otherwise, would have allowed hackers to make changes to Google’s internal systems. At the outset of 2018, Ezequiel Pereira, having a keen interest in programming, got access to a non-Production App Engine deployment environment where he was able to use internal APIs. Remote Code Execution, as it is known, is a part of Google Vulnerability Rewards Program.

The Uruguayan Prodigy:

Ezequiel Pereira, while on the verge of turning 17, earned his first reward through Google bug bounty program wherein he exposed a Google security flaw.

Tapping along the ABCs of this whiz kid; Pereira got his first computer when he was 10. He spent years learning different coding languages, after a steady initiation when he was 11 years old. He finished off as a grand prize winner of Google Code-in 2015, paving a way to Google’s California headquarters.


I found something almost immediately that was worth $500 and it just felt so amazing. So I decided to just keep trying ever since then. – Ezequiel Pereira

He found his second biggest bug on July 2017 through which he earned $10,000. Despite using more than half of the money on applying for scholarships to US Universities, he couldn’t manage into any of the schools. Hence, he took off to become self-taught and started schooling at home. With an aim of achieving master’s degree in Computer Security, Pereira keeps himself busy, hunting bugs.

Pereira got permission to write about how he discovered it recently after Google fixed the issue. It marks his fifth accepted bug.

The Tabloid in a Nut-shell:

  • Early February 2018: Main bug was discovered.
  • February 25th, 2018: Initial report sent, containing the “stubby” API
  • March 4th and 5th, 2018: The app_config_service” API was discovered and reported
  • Between March 6th and 13th, 2018: The access to non-prod Google App Engine environments was blocked with a 429 error page
  • 13th March, 2018: Reward of $36,337 issued
  • May 16th, 2018: Confirmation of the security flaw been fixed.

Bug Bounty Programs Boosts Ethical Hacking :

Bug bounty programs are designed to key-up software security researchers and pay them to find vulnerabilities and report back to the sponsor. In return, the researchers are richly rewarded for their findings. In fact, as part of Google’s Android Security Rewards Program, Researcher Guang Gong, received the largest reward of the year 2017: $112,500.

Heretofore, Pereira’s submissions are towards the Google’s bug bounty program. However, there’re many other technology companies which offer similar awards to ensure smooth and essentially, authentic and supervised access. Introducing bounty programs and offering monetary awards is sure to motivate hackers to discover and report flaws rather than selling them off to malicious, third-party sources. Many corporations have been announcing such programs, wherein they reward hackers who can break into their systems and eventually, report breaches in the process.

Ethical hacking is one’s fair shake to be on the right side of the law while securing systems by hunting down flaws and fixing them.



Please enter your comment!
Please enter your name here

Latest News

Apple Online Store In India Is A Kind Of Big Deal

After all rumours, speculations, debates and discussions online, as well as offline, Apple store in India is...

Investment In Edtech Startups 2020: Record $4.9 Billion And Still Counting

Whilst the entire world spent the better half of 2020 locked indoors and practising social distancing, online education startups skyrocketed globally! Let’s...

BLESA: The New Bluetooth Vulnerability Putting Billions of Devices At Risk

With the ever-changing technology, the war against hackers and those intent upon malicious data theft are eternal. Fighting them is like fighting...

Flipkart IPO In 2021: Gunning For $50 Billion Valuation, But Ditches India

The poster boy for Indian e-commerce Flipkart is finally gunning for an IPO. The twist to the news is the listing country,...

Google’s New Search Feature Makes Local Shopping Safer

Google's new search feature is all about making shopping safer and easier during the time of Covid19 when people are looking for...

Google Gets Grilled For Having Monopoly On Digital Ad Market: Just A Sneak Preview Of What’s To Come Next?

The world just received a sneak peek of the what’s heading Google’s way along with other big tech companies when it comes...

In-Depth: Dprime

Will ‘TikTok By Microsoft’ Be A Winner?

For the last two years, TikTok has been in the public eye for all sorts of reasons. First, it was the exploded...

Facebook Subscription Model: Looking Beyond Ad Dollars?

Seldom do job listings create a stir this gripping. However, when the job listing in question is a stealth post from Twitter,...

Will The Online Food Delivery Market in India End Up Becoming A Two-Horse Race?

It's pretty much evident that the food delivery space in India is all set to get riled up soon enough as one...

More Articles Like This