Back in October last year, Sanmay Ved, a student at Babson University, hit the headlines after revealing that he had very briefly owned the domain name Google.com. The company was quick to take the name back but, as Google appreciated Ved discovering the vulnerability, he was offered a reward.
Google and Ved never revealed how much money the search engine giant was offering, but in its 'Google Security Rewards — 2015 Year in Review' post, we finally find out. Initially, the company offered him $6006.13, which spells out Google (kind of), but after discovering that the altruistic student intended to give it all to charity, the figure was doubled to $12,012.26.
It was September 29, 2015, when Ved had been searching Google Domains, Google’s website buying service, and noticed that Google.com was available for purchase. Ved bought the domain for $12 and was the owner for an entire minute, before an email from the registration site notified Ved that his purchase had been cancelled. It's still not entirely clear how Google lost control of the domain name in the first place.
As Google owns the domain registration service Ved used, it was easy for the company to transfer Google.com back to itself. A similar incident occurred in 2003 when Microsoft forgot to renew their Hotmail UK domain; except in this instance, the company didn’t have such an easy time getting the name back.
Google’s Vulnerability Rewards program awards people who find vulnerabilities within Google. It paid out more than $2 million to over 300 researchers across the whole of 2015, including a single payment of $37,500 to one Android security researcher.