Security Google finally reveals how much it paid the student who briefly owned Google.com

midian182

TechSpot Editor
Staff member

Back in October last year, Sanmay Ved, a student at Babson University, hit the headlines after revealing that he had very briefly owned the domain name Google.com. The company was quick to take the name back but, as Google appreciated Ved discovering the vulnerability, he was offered a reward.

Google and Ved never revealed how much money the search engine giant was offering, but in its 'Google Security Rewards — 2015 Year in Review' post, we finally find out. Initially, the company offered him $6006.13, which spells out Google (kind of), but after discovering that the altruistic student intended to give it all to charity, the figure was doubled to $12,012.26.

It was September 29, 2015, when Ved had been searching Google Domains, Google’s website buying service, and noticed that Google.com was available for purchase. Ved bought the domain for $12 and was the owner for an entire minute, before an email from the registration site notified Ved that his purchase had been cancelled. It's still not entirely clear how Google lost control of the domain name in the first place.

As Google owns the domain registration service Ved used, it was easy for the company to transfer Google.com back to itself. A similar incident occurred in 2003 when Microsoft forgot to renew their Hotmail UK domain; except in this instance, the company didn’t have such an easy time getting the name back.

Google’s Vulnerability Rewards program awards people who find vulnerabilities within Google. It paid out more than $2 million to over 300 researchers across the whole of 2015, including a single payment of $37,500 to one Android security researcher.

Permalink to story.

 

Skidmarksdeluxe

TS Evangelist
He never actually owned it, once they saw the error they took it back so he had no ability to "hold onto" it. The money was done because he technically found a vulnerability in their system not to actually buy it back.
Nonetheless it was Googles fault. What's 12K to them? Cheapskates.
 

Hexic

TS Evangelist
TechSpot Elite
He never actually owned it, once they saw the error they took it back so he had no ability to "hold onto" it. The money was done because he technically found a vulnerability in their system not to actually buy it back.
Nonetheless it was Googles fault. What's 12K to them? Cheapskates.
It's 6 or 12k that the guy didn't have before - they didn't have to offer anything. Especially because Google owns the domain service anyways, they could have just kicked him out without a word.

IMO, it's principle over amount of money here - Google doubled it because it was all going to charity anyways, so it's meh.
 

stewi0001

TS Evangelist
TechSpot Elite
That's very honorable of the guy. I would have kept the money myself due to trying to support a family, a house in need of fixing up, and bills.
 

Uncle Al

TS Evangelist
Frankly, why can't the individual or company specify the length of time they "own" the domain name? No reason it shouldn't be something they could contractually hold for an indefinite period of time or unless they default on payment. It almost sounds like a rigged game to allow others to prey on their vulnerability .... no?
 

tonylukac

TS Evangelist
Why didn't they pay him the gross they take in in that amount of time he owned it, probably about $1 billion? Maybe they think they're fox; show biz but all of their employees are volunteers. Someday we may get what's owed to us.
 
  • Like
Reactions: DealershipNews

psycros

TS Evangelist
Who the hell sells domains for $12? Last I checked the cheapest you could hope to get one was around $50.
 

Camikazi

TS Evangelist
Who the hell sells domains for $12? Last I checked the cheapest you could hope to get one was around $50.
Depends on the domain, I have about 10 of them, none are big and are mostly for personal use and none cost me more than $5. Unless selling domains to me is different than what you mean.