Ezequiel Pereira, of Montevido, discovered the bug last month during a break from school.
“I was really bored at home, during my winter vacation," Pereira, who blogged about his discovery, told ABC News by email. "And luckily that day I had the idea to do the trial and error that led to the discover.”
The security bug Pereira discovered was in Google's AppEngine server. He was able to find a point of access to part of internal Google infrastructure related to AppEngine -- the dashboard for the company’s technology support team, for example -- without being authenticated.
“We had seen something similar before and we fixed it but he found a part that hadn’t fixed it correctly,” Eduardo Vela, Google's Vulnerability Rewards Program Technical Lead, told ABC News. “He was looking in the right place at the right time.”
Pereira opened the email notifying him that he won the $10,000 award this month while riding the bus home from school.
“My reaction was really calm. I’m a really calm person,” he said. “I just thought, ‘Great,’ and called my mother to let her know.”
Google has distributed monetary prizes to non-employees who self-submit their findings since 2010 through its Vulnerability Rewards Program. The amount of money awarded ranges from $100 to $31,357, according to Nava.
Pereira hopes to attend college in the U.S. and plans to save the $10,000.
He received his first computer at the age of 10 through a government program that gave computers to public school students.
“The thing I love of computers is that they are capable of doing everything if you give them enough resources and you know how to tell them to do anything,” he said. “Homework is boring. Looking for bugs is fun.”