All sizes | PayPal booth | Flickr - Photo Sharing!
When Robert Kugler reported a bug to PayPal, he was hoping to get paid as part of the company's bounty program.

When Robert Kugler reported a bug to PayPal, he was hoping to get paid as part of the company's bounty program. But the eBay-owned company rebuffed him. He was 17—underage.

On May 19, Kugler, a security researcher from Germany, notified PayPal of a cross-site scripting (XSS) flaw that would permit anyone who exploited it to steal sensitive information. For a site that deals in financial transactions, this is not an insignificant vulnerability.

According to PC World, eBay officials notified Kugler via email that because he was under 18, he was in violation of its guidelines for security researchers. It's worth noting the company's site doesn't actually mention the age restriction. 

For his part, Kugler believes PayPal's actions are setting a bad precedent and that they'll only discourage others from finding and reporting vulnerabilities.

"It’s not the best idea when you're interested in motivated security researchers," he wrote in his report on security researcher site Seclist.org.

The PayPal exploit isn't the first security find for Kugler. Companies like Microsoft and Mozilla—makers of the Firefox browser—have compensated him for discovering and reporting bugs.

UPDATE: PayPal denies that Kugler's age was at issue. Actually, another researcher beat him to the punch. Here's the company's  statement:

In this specific situation, the cross-site scripting vulnerability was already discovered by another security researcher, so [the bug] would not have been eligible for payment, regardless of age [of the researcher], as we must honor the original researcher that provided the vulnerability.

Photo via Liz Wise/Flickr

Promoted Stories Powered by Sharethrough
Business
Samsung's response to a customer whose phone caught fire only made things worse
Damage control is a tricky thing: One wrong move can make a small crisis exponentially worse. Such is the case for Samsung, which moved to suppress YouTube evidence that its Galaxy S4 smartphone can catch fire for no reason at all, only to have the original poster call the company out for it in a second video that received five times as many views as the first.
Business
PayPal president: We're thinking about accepting Bitcoin
Bitcoin has experienced no shortage of growing pains lately, but a game changing development could be on the horizon.
The Latest From Daily Dot Video
Group

Pure, uncut internet. Straight to your inbox.

Thanks for subscribing to our newsletter!