A 17-year-old German student found a significant security vulnerability on PayPal’s website, and when he revealed the issue to the company, expected to be rewarded.
But PayPal refused to pay Robert Kugler a Bug Bounty, telling him he was too young to participate in the company’s program that rewards people who find glitches in the system. TechWeek Europe reported that Paypal defended its actions in not paying the bounty because of Kugler’s age
and because the bug had already been found.
Urgent: Is Obama Telling the Truth on IRS, Benghazi Scandals?
In an email to TechWeek Europe, the company spokesperson said, “While we appreciate Mr. Kugler’s contribution to PayPal’s Bug Bounty Program, we can confirm that the cross-scripting vulnerability he identified was already discovered by another security researcher and Mr. Kugler is ineligible to participate in the program since he is under 18 years old. We are working quickly to fix the cross-scripting issue, and we have not found any evidence at this time that our customers’ information has been compromised by this vulnerability."
Many companies like PayPal, Google and Facebook pay computer professionals a reward for finding vulnerabilities on their websites in an effort to avoid hacking and other security issues.
Kugler is listed on Microsoft’s website as a security researcher, and PCWorld magazine reported that he received $1,500 for finding vulnerabilities on Mozilla last year and $3,000 earlier this year for a different issue.
The German youth would like PayPal to at least send him documentation that he found the bug so he can use it in a job application.
PayPal’s refusal to pay Kugler has garnered some harsh headlines – “PayPal Shafts Teenager Out of Bug Bounty Award,” from Hothardware.com – and generated chatter on Reddit and other social sites.
Bug bounties are a good way for computer security researchers to make some extra cash. Websites like BugCrowd.com host lists of bug programs that pay for finding vulnerabilities.
It can be a lucrative venture for security researchers who are good at what they do. Facebook pays $500 if someone finds a “qualifying” bug; Google pays $100 and up to $20,000 for the really extreme issues.
Urgent: Is Obamacare Hurting Your Wallet? Vote in Poll
Facebook Says It Was the Target of Sophisticated Hacking Attack
EBay Says PayPal on Track to Reach 2 Million Stores in 2013
© 2013 Newsmax. All rights reserved.