In a bizarre twist of fate, a former Google employee named Sanmay Ved managed to purchase one of the internet’s most iconic domains—Google.com—for just $12. The astonishing incident unfolded on September 29, 2015, and sent shockwaves through the tech world. What initially seemed like a simple error turned into a critical security lapse that Google had to swiftly address. In this article, we’ll dive into the details of this strange event, its implications for online security, and how it led to Google rewarding Ved for his discovery.
A Surreal Incident: The Purchase of Google.com
In the early hours of September 29, 2015, around 1:20 AM Eastern Time, Sanmay Ved, a former Google employee, was casually testing Google’s domain registration service, Google Domains. To his shock, he noticed that the domain name Google.com was listed as available for purchase. Initially, Ved assumed this was a glitch, but he decided to try purchasing it anyway, just for fun.
To his amazement, the transaction went through. He successfully bought Google.com for a mere $12 (roughly Rs 800 at the time). Not only did the payment process complete without a hitch, but Ved also received a confirmation email, and the domain appeared on his Google Search Console dashboard, indicating that he had temporarily become the owner of one of the internet’s most valuable digital assets.
The Confirmation: A Critical Security Flaw Uncovered
The shock didn’t end with Ved’s successful purchase. Google’s internal systems confirmed his newfound ownership. His Google Search Console account began showing alerts related to the domain, and administrative tools that were usually reserved for official Google employees were made available to him.
In a LinkedIn post, Ved shared his reaction to the bizarre event:
“I was hoping I would see at some point an error that said the transaction didn’t go through, but I was able to make the purchase, and my credit card was really charged.”
Though Ved’s ownership lasted only a minute, it was long enough to expose a significant security flaw in Google’s domain management system.
Google’s Response: Investigating the Glitch
Soon after the incident, Google’s security team reached out to Ved to investigate the situation. They verified the transaction and identified a vulnerability in their internal systems that had allowed Ved to briefly claim ownership of Google.com. Google took immediate action to rectify the flaw and prevent future occurrences.
In recognition of his responsible disclosure of the security issue, Google awarded Ved a financial reward of $6,006.13, a figure that was not arbitrary—it was designed to resemble the word “Google” when viewed numerically. However, Ved’s ethical stance came to the forefront when he decided to donate the entire amount to charity. In response to Ved’s generosity, Google doubled the reward, bringing the total to $12,012.26.
Ved’s Charitable Donation: Supporting Education in India
Ved chose to donate the entire amount to the Art of Living India Foundation, a non-profit organization that provides free education to underprivileged children across India. The foundation operates 404 schools, serving more than 39,200 children. Ved’s donation was a significant gesture, underscoring his belief that the incident was never about personal gain.
He emphasized, “I don’t care about the money. It was never about the money.” His actions not only highlighted a critical cybersecurity vulnerability but also contributed to the well-being of countless children in need.
Google’s Security Reward Program: A Larger Picture
This incident drew attention to Google’s broader Security Reward Program, which rewards ethical hackers and researchers who responsibly identify vulnerabilities within Google’s products and services. Since its inception in 2010, the program has distributed over $6 million in rewards to researchers worldwide.
At the end of 2015, Google announced that it had awarded more than $2 million to over 300 individuals under this initiative. Ethical hackers from across the globe—including from the United States, India, Germany, Brazil, and Israel—have played a vital role in making Google’s platforms safer for billions of users.
In a blog post, Google explained their reward for Ved:
“Our first cash reward to Sanmay – $6,006.13 – read Google, numerically (squint and you’ll spot it!). We doubled the sum subsequently when Sanmay gave away his reward money to charity.”
What Undercode Say:
This incident serves as a reminder of the importance of robust security protocols, especially when dealing with high-value digital assets like domain names. The fact that such a major flaw existed in Google’s system—allowing a random individual to briefly claim ownership of Google.com—speaks volumes about the complexity and potential risks inherent in internet infrastructure.
However,
The incident also puts a spotlight on Google’s Security Reward Program, which incentivizes individuals to find and report vulnerabilities. This program has proven to be a valuable tool in securing Google’s vast ecosystem, and it’s a model that many other tech giants could look to for inspiration. By offering monetary rewards, Google encourages a global network of ethical hackers to work collaboratively in identifying and addressing potential threats.
Google’s response to the situation was swift and transparent, reinforcing the company’s commitment to security and trust. The fact that they doubled Ved’s reward when he chose to donate the money reflects a broader shift toward corporate social responsibility, where the focus is not just on profit but also on making a positive impact on society.
Moreover, this event underscores the vital role that ethical hacking plays in today’s digital landscape. As the internet becomes an increasingly important part of our daily lives, ensuring its security is more critical than ever. Programs like Google’s Security Reward Program, along with responsible actions from individuals like Ved, help to make the digital world a safer place for everyone.
Fact Checker Results:
- The domain Google.com was indeed available for purchase due to a security flaw in Google’s system.
- Sanmay Ved was charged $12 for the domain and later received a reward from Google for reporting the issue.
- Ved’s decision to donate the reward to a nonprofit organization aligns with his ethical approach to the incident.
References:
Reported By: timesofindia.indiatimes.com
Extra Source Hub:
https://www.medium.com
Wikipedia
Undercode AI
Image Source:
Unsplash
Undercode AI DI v2
