High school student makes thousands from Google exposing simple hack

By Mark Molloy

Google has rewarded a high school student $10,000 after he exposed a security flaw which hackers could have used to access sensitive data.

Uruguayan Ezequiel Pereira explained in a blog post that he was “bored” one day “so tried to find a bug on Google”.

He said many of his attempts failed, however, one internal webpage didn’t require a username or any other information to access.

The teenager said “it had many links to different sections about Google services and infrastructure, but before I visited any section, I read something in the footer: ‘Google Confidential’.”

“At that point I stopped poking at the website and reported the issue right away,” he added.

Google’s security team replied saying they would look into the issue and Pereira was stunned when they eventually offered him a reward.

“I thought to myself ‘Cool, this is probably a small thing that isn't worth a dime, the website probably had some technical stuff about Google servers and nothing really important’,” he recalled.

“I don't know what the website did contain, but some weeks later I got an email right after getting out of school that said my report was worth much more than a dime…”

Actually, it was worth $10,000 (£7,500). He added Google has now fixed the bug

“According to Google, the large reward was because they found a few variants that would have allowed an attacker access sensitive data,” he concluded.

Google runs a Vulnerability Reward Program (VRP), offering monetary rewards to reporters who flag bugs.