A 10-year-old Finnish boy named Jani has been given $10,000 (£7,000) after he found a security flaw in image-sharing social network Instagram.
The boy, who technically is not allowed to even join the site for another three years, discovered a bug that allowed him to delete comments made by other users.
The issue was "quickly" fixed after being discovered, said Facebook, which owns Instagram.
Jani was paid soon after - making him the youngest ever recipient of the firm's "bug bounty" prize.
After discovering the flaw in February, he emailed Facebook.
Security engineers at the company set up a test account for Jani to prove his theory - which he did.
The boy, from Helsinki, told Finnish newspaper Iltalehti he planned to use the money to buy a new bike, football equipment and computers for his brothers.
Facebook told the BBC it had paid $4.3m to bug bounty recipients since 2011.
Many companies offer a financial incentive for security professionals - and young children, evidently - to share flaws with the company, rather than selling them on the black market.