Tags: paypal | bug | reward | teen

PayPal Bug Reward a No-Go After Teen Finds Security Vulnerability

Tuesday, 28 May 2013 05:27 PM

By Morgan Chilson

A 17-year-old German student found a significant security vulnerability on PayPal’s website, and when he revealed the issue to the company, expected to be rewarded.

But PayPal refused to pay Robert Kugler a Bug Bounty, telling him he was too young to participate in the company’s program that rewards people who find glitches in the system. TechWeek Europe reported that Paypal defended its actions in not paying the bounty because of Kugler’s age and because the bug had already been found.

Urgent: Is Obama Telling the Truth on IRS, Benghazi Scandals?

In an email to TechWeek Europe, the company spokesperson said, “While we appreciate Mr. Kugler’s contribution to PayPal’s Bug Bounty Program, we can confirm that the cross-scripting vulnerability he identified was already discovered by another security researcher and Mr. Kugler is ineligible to participate in the program since he is under 18 years old. We are working quickly to fix the cross-scripting issue, and we have not found any evidence at this time that our customers’ information has been compromised by this vulnerability."

Many companies like PayPal, Google and Facebook pay computer professionals a reward for finding vulnerabilities on their websites in an effort to avoid hacking and other security issues.

Kugler is listed on Microsoft’s website as a security researcher, and PCWorld magazine reported that he received $1,500 for finding vulnerabilities on Mozilla last year and $3,000 earlier this year for a different issue.

The German youth would like PayPal to at least send him documentation that he found the bug so he can use it in a job application.

PayPal’s refusal to pay Kugler has garnered some harsh headlines – “PayPal Shafts Teenager Out of Bug Bounty Award,” from Hothardware.com – and generated chatter on Reddit and other social sites.

Bug bounties are a good way for computer security researchers to make some extra cash. Websites like BugCrowd.com host lists of bug programs that pay for finding vulnerabilities.

It can be a lucrative venture for security researchers who are good at what they do. Facebook pays $500 if someone finds a “qualifying” bug; Google pays $100 and up to $20,000 for the really extreme issues.

Urgent: Is Obamacare Hurting Your Wallet? Vote in Poll

Related stories:

Facebook Says It Was the Target of Sophisticated Hacking Attack

EBay Says PayPal on Track to Reach 2 Million Stores in 2013

© 2015 Newsmax. All rights reserved.

Around the Web
Join the Newsmax Community
Please review Community Guidelines before posting a comment.
>> Register to share your comments with the community.
>> Login if you are already a member.
blog comments powered by Disqus
Zip Code:
Privacy: We never share your email.
Hot Topics
Follow Newsmax
Like us
on Facebook
Follow us
on Twitter
Add us
on Google Plus
You May Also Like

Kentucky Senator Brandon Smith Wants Out of DUI With Immunity Law

Friday, 23 Jan 2015 19:20 PM

Kentucky state Senator Brandon Smith, arrested earlier this month on a DUI charge, is making an effort to get the charge . . .

School Bus Pentagram? Woman Outraged Over Satanic Brake Light Symbol

Friday, 23 Jan 2015 18:53 PM

A Tennessee woman is outraged after spotting what she says is a satanic pentagram formed by the brake lights on a school . . .

Rapper Tiny Doo May Face Long Jail Sentence Over Lyrics

Friday, 23 Jan 2015 18:10 PM

San Diego rapper Tiny Doo is facing a possible 25-year prison sentence for his violent song lyrics under a little-known  . . .

Top Stories

Newsmax, Moneynews, Newsmax Health, and Independent. American. are registered trademarks of Newsmax Media, Inc. Newsmax TV, and Newsmax World are trademarks of Newsmax Media, Inc.

America's News Page
©  Newsmax Media, Inc.
All Rights Reserved