The Conversation (0)
Mimi Launder
Aug 13, 2017
Picture:
Getty Images/iStockphoto
Google has helped one student get rich quick - but not in the way you might think.
Unfortunately the $10,000 USD fortune wasn't earned as easily as searching 'how to make money fast'.
Uruguayan high school student Ezaquiel Pereira spotted a loophole in Google's back-end servers that could grant attackers access to its private data.
In a post explaining how he did it, he wrote:
On July 11th, I was bored, so I tried to find some bug at Google.
As you do.
Pereira played around with the website - or, in other words, did a lot of confusing stuff that most of us won't understand.
Soon enough he stumbled across the words 'Google Confidential'.
At this point I stopped poking at the website and reported the issue right away.
Just a few hours later, Google emailed him praising the "nice catch".
Pereira stayed modest, thinking to himself:
Cool, this is probably a small thing that isn't worth a dime.
But a few weeks later, Google contacted him again with the true value of his find.
In what must have read at first like a spam email, they said:
As part of Google's Vulnerability Reward Program, this panel has decided to issue a reward of $10,000.
Pereira was gobsmacked:
I got $10,000 US dollars just for changing the Host header!!!
The bug has been fixed now, and, according to Google, the large reward was because they found a few variants that would have allowed an attacker to access sensitive data.
Good luck to Pereira in his dream of becoming a security researcher - though his track record suggests he probably won't need it.
Top 100
x