Google has finally revealed how much it paid Sanmay Ved for discovering a security vulnerability that let him purchase the Google.com domain for one whole minute.
Ved, an ex-employee who worked at Google for five and a half years before leaving to study an MBA, is also a security researcher. He was messing around with Google Domains one night when he discovered that he was able to purchase the Google.com domain for $12 (£8.41).
Unable to believe that he could actually purchase the domain for the search giant, he attempted to add the domain into his shopping cart, and the transaction actually went through. He thus actually had access to the webmaster controls for Google.
Of course, after 60 seconds Google noticed and relieved him of the controls, refunding the $12 to him. However the internet giant decided to reward Ved for discovering the vulnerability as part of its Security Reward initiative.
Initially Ved received $6,006.13 (which spells out Google numerically if you look at the numbers just so). But Google says in a new blog post that it then decided to double the figure to $12,0012.26 when Ved donated his reward to a charity – the Art of Living India Foundation – which helps provide free education to children in rural, tribal and slum areas of India.
This is not the first time that an important domain has been sold to an individual. In 2003, Microsoft failed to renew its hotmail.co.uk domain and it was bought by someone else. In this case, the domain was bought from the UK domain registrar Nominet, so Microsoft had to personally ask the individual to return the domain to them.
Google has been running its Security Reward program since 2010 and has so far given out over $2m in bounty rewards to security researchers. Google says that its most prolific security researcher, Tomasz Bojarski, found 70 bugs on Google in 2015, including a bug in the online form meant for users to report security vulnerabilities.