WATCH TV LIVE

Skip to main content
Tags: paypal | bug | reward | teen

PayPal Bug Reward a No-Go After Teen Finds Security Vulnerability

By    |   Tuesday, 28 May 2013 05:26 PM EDT

A 17-year-old German student found a significant security vulnerability on PayPal’s website, and when he revealed the issue to the company, expected to be rewarded.

But PayPal refused to pay Robert Kugler a Bug Bounty, telling him he was too young to participate in the company’s program that rewards people who find glitches in the system. TechWeek Europe reported that Paypal defended its actions in not paying the bounty because of Kugler’s age and because the bug had already been found.

Urgent: Is Obama Telling the Truth on IRS, Benghazi Scandals?

In an email to TechWeek Europe, the company spokesperson said, “While we appreciate Mr. Kugler’s contribution to PayPal’s Bug Bounty Program, we can confirm that the cross-scripting vulnerability he identified was already discovered by another security researcher and Mr. Kugler is ineligible to participate in the program since he is under 18 years old. We are working quickly to fix the cross-scripting issue, and we have not found any evidence at this time that our customers’ information has been compromised by this vulnerability."

Many companies like PayPal, Google and Facebook pay computer professionals a reward for finding vulnerabilities on their websites in an effort to avoid hacking and other security issues.

Kugler is listed on Microsoft’s website as a security researcher, and PCWorld magazine reported that he received $1,500 for finding vulnerabilities on Mozilla last year and $3,000 earlier this year for a different issue.

The German youth would like PayPal to at least send him documentation that he found the bug so he can use it in a job application.

PayPal’s refusal to pay Kugler has garnered some harsh headlines – “PayPal Shafts Teenager Out of Bug Bounty Award,” from Hothardware.com – and generated chatter on Reddit and other social sites.

Bug bounties are a good way for computer security researchers to make some extra cash. Websites like BugCrowd.com host lists of bug programs that pay for finding vulnerabilities.

It can be a lucrative venture for security researchers who are good at what they do. Facebook pays $500 if someone finds a “qualifying” bug; Google pays $100 and up to $20,000 for the really extreme issues.

Urgent: Is Obamacare Hurting Your Wallet? Vote in Poll

Related stories:

Facebook Says It Was the Target of Sophisticated Hacking Attack

EBay Says PayPal on Track to Reach 2 Million Stores in 2013

© 2025 Newsmax. All rights reserved.


Click Here to comment on this article
Share
TheWire
A 17-year-old German student found a significant security vulnerability on PayPal’s website, and when he revealed the issue to the company, expected to be rewarded. But that's not the case.
paypal,bug,reward,teen
391
2013-26-28
Tuesday, 28 May 2013 05:26 PM
Newsmax Media, Inc.

Sign up for Newsmax’s Daily Newsletter

Receive breaking news and original analysis - sent right to your inbox.

(Optional for Local News)
Privacy: We never share your email address.
Join the Newsmax Community
Read and Post Comments
Please review Community Guidelines before posting a comment.
 

Interest-Based Advertising | Do not sell or share my personal information

Newsmax, Moneynews, Newsmax Health, and Independent. American. are registered trademarks of Newsmax Media, Inc. Newsmax TV, and Newsmax World are trademarks of Newsmax Media, Inc.

NEWSMAX.COM
America's News Page
© 2025 Newsmax Media, Inc.
All Rights Reserved
Download the Newsmax App
Apple
Android
Amazon
Samsung
Vizio
Roku
Sony
LG
Scan QR code to get the NewsmaxTV App
NEWSMAX.COM
America's News Page
© 2025 Newsmax Media, Inc.
All Rights Reserved