PayPal Won’t Pay Teenager Reward for Finding Website Bug

Paypal has denied a student a reward for finding a weakness in their website. Robert Kugler, a 17 year old from Germany, contacted PayPal with the vulnerability in their website on May 19 hoping to take part in their Bug Bounty Program. The program awards money to researchers who find issues on and PayPal sites. PayPal informed Kugler by email that he didn’t not qualify for the program because he was under 18.

In the past, Kugler has received rewards from other companies. Mozilla has paid him up to $3,000 for finding bugs and he is listed as a contributor in an April list of Microsoft security researchers.

The main issue may be PayPal’s stipulation that the payment is to be “paid out through a verified PayPal account, once the bug is fixed.” Unfortunately, Kugler can’t do that until he turns 18 next March. The 17 year old has asked for the bounty to be paid to his parent’s account. As of this posting, he has not heard back.


Leave a Reply