Google’s logo on a building on the company’s Mountain View, Calif., campus in 2019. The company says it mistakenly sent a security engineer $250,000. Jeff Chiu/AP hide caption
Google’s logo on a building on the company’s Mountain View, Calif., campus in 2019. The company says it mistakenly sent a security engineer $250,000.
Sam Curry, a self-described hacker, says he was mysteriously paid $249,999.99 by Google last month and that he had no idea why the tech giant simply handed over a quarter-million dollars.
“It’s been a little over 3 weeks since Google randomly sent me $249,999 and I still haven’t heard anything on the support ticket. Is there any way we could get in touch @Google,” Curry tweeted on Tuesday with a screenshot of the transaction.
He added: “it’s OK if you don’t want it back…”
A staff security engineer at Yuga Labs, Curry told NPR that he sometimes does bug bounty hunting for companies including Google. That’s when people are paid to help firms and other organizations find vulnerabilities in their software.
But he says he was unable to figure out a link between bug bounty hunting for Google and the sum dumped into his bank account.
The money was available for Curry to spend, but he said he was simply holding onto it in case Google tried to get it back. He said if Google took too long to get back to him, he might have to move the cash into a separate account to avoid paying taxes on it.
Ultimately, Curry guessed that Google most likely paid him accidentally. Turns out he was right.
In a statement to NPR, a Google spokesperson said: “Our team recently made a payment to the wrong party as the result of human error. We appreciate that it was quickly communicated to us by the impacted partner, and we are working to correct it.”
The company intended to get the money back, the spokesperson said.
For his part, Curry said he was curious how often something like this happens at Google and what systems the company has in place to check for similar errors.
As of Thursday afternoon, he said he still had the money in his account.
Become an NPR sponsor
Google says it accidentally paid a self-proclaimed hacker $250,000 – NPR