Google Rewarded a Hacker and a Domain Squatter in Their 2015 Year in Review

You don't want to know how many bugs people on the internet found in Google's security. 

Getty Images

Google announced that it paid out over $2 million in Google Security Rewards in 2015 to researchers around the world who discovered vulnerabilities in their various platforms on Thursday.

The “2015 Year In Review” portion of the program also included the exact amount distributed to Sanmay Ved who managed to purchase perhaps the most famous domain in the world for $12 back in October.

So how much did Ved receive from the third most valuable company in the entire world? $6,006.13.

Why the weird figure? According to the company, if you squint, 600613 looks like GOOGLE.

HA-HA, Google. Ved immediately committed to donating the fee from Google, so the company actually doubled the final amount.


The other beneficiaries of Google’s grants found more conventional problems and received similarly, let’s say, stingy “thank yous.”

One Russian programmer Kamil Hismatullin discovered he could delete any video off YouTube by altering a single parameter in the url. He took home a paltry $5,000 for his report.

2015 also marked the first year Google expanded the Vulnerability Grants to its Android platform, and one researcher found a hole worth $37,500, the biggest grant of the year.

The year’s champion (besides Ved, of course) is Tomasz Bojarski. Not only did he discover a full 70 Google bugs in 2015, more than anyone else, he even picked up on a bug in the vulnerability submission form itself.

In general, we want to be simply impressed with the researchers who find the bugs. But it’s a little disconcerting that one guy could find 70 bugs.

Google, do you even code?

Related Tags