Ezequiel Pereira, a high school student in Uruguay, said that Google has paid him $10,000 as part of its bug bounty program. Pereira went looking for vulnerabilities in Google App Engine because he was bored. Eventually, he found a way to access the servers for the cloud development service without being authenticated.
The teenager reported the issue to Google and submitted proof-of-concept evidence. Several weeks later he was surprised to receive an email from the company that informed him of the large payout.
Google pays up to $30,000 for remote code execution bugs.