According to a report in technology website VentureBeat.com, Jani from Finland discovered the security flaw in Instagram on his own.
He found a bug in Instagram which requires you to be at least 13 before even signing up, that let him delete any comment on the social network.
“He reported the bug by email, offered proof by deleting a message on one of Facebook’s test Instagram accounts and it was fixed in February. Facebook paid him the bug bounty in March,” the report added.
“I would have been able to remove anyone, even Justin Bieber,” the report quoted Jani as saying.
The Finnish boy wishes to become a security researcher. “It would be my dream job. Security is very important,” he was quoted as saying.
He used the reward money to buy a new bike, football gear and computers for his two brothers.
Like Google and Microsoft, Facebook also has a bug bounty programme.
In February, Facebook announced that it had paid $4.3 million in rewards to more than 800 security researchers for over 2,400 submissions since launching its bug bounty programme in 2011.
In 2015, 210 researchers received $936,000 with an average payout of $1,780.