Google’s just rewarded $10,000 to a high school student, read why
Cyber security and secured networks is something that Google is renowned for and lives by their reputation. However, a high-school student from Uruguay has secured a reward of $10,000 (roughly Rs 6.5 lakh) after he found and reported vulnerability in Google’s secure networks. Ezequiel Pereira, a student from a high school in Uruguay, said he stumbled upon vulnerability when he was bored and was trying various things on Google services using a web security tool Brup suite. After some failed attempts, Pereira came across yaqs.googleplex.com. It is an internal webpage which was not secured by a username or password. The googleplex.com hosts various Google App’s Engine apps. Pereira wrote on one of Google’s test hacking site, “The website’s homepage redirected me to “/eng”, and that page was pretty interesting, it had many links to different sections about Google services and infrastructure, but before I visited any section, I read something in the footer: “Google Confidential.” “At that point I stopped poking at the website and reported the issue right away, without even thinking of a better way to show the vulnerability than with Burp,” adds Pereira. He has shared the screenshots of the email exchanges; he got multiple replies from Google’s security team. The email replies confirmed to Pereira that he has reported a bug and it was effective. A month later, Google informed Pereira that he will get $10,000 for his work and that he could share the nature of the vulnerability he found with everyone. The search giant has also resolved the issue. Pereira wrote, “The bug has been fixed now, and, according to Google, the large reward was because they found a few variants that would have allowed an attacker access sensitive data.”