Your cart is currently empty!
He Bought google.com for $12; Google Paid Him Big to Get It Back
Imagine realizing you accidentally bought the most powerful website on the internet for less than the price of a movie ticket. While major tech companies spend billions securing their digital borders, sometimes a tiny administrative oversight can leave the front door completely unlocked.
Contents
show
In 2015, one late-night browsing session proved that even the most advanced systems in the world are not entirely foolproof. What started as a curious experiment led to a highly unusual sequence of events involving a twelve-dollar credit card charge, temporary control over a global search engine, and an unexpected charitable twist.
The $12 Midnight Shopping Spree That Bought Google
Late-night online window shopping is a common habit. But for one business student, a simple browsing session turned into an accidental purchase of the most famous website in the world.
In September 2015, Sanmay Ved, a former Google employee, was wide awake at 1:20 a.m. exploring the Google Domains platform. Just to see what would happen, he typed “google.com” into the search bar. Logically, a domain that handles billions of searches a day should be completely locked down. Yet, the screen showed it was available.
A green checkmark appeared next to the name, allowing him to add the address to his shopping cart. Assuming the system would eventually catch the glitch and block the transaction, Ved clicked through to the checkout page. He fully expected an error message to pop up.
Instead, the payment was successfully processed. His credit card was charged a grand total of $12. In that exact moment, the internet’s biggest search engine officially belonged to a single individual.
Tech companies spend millions on cybersecurity and digital infrastructure to prevent exactly this kind of situation. However, a simple administrative oversight allowed someone to buy the ultimate digital real estate for the price of a fast food meal. It is a story that proves even the most sophisticated systems in the world are still vulnerable to simple errors.
A One-Minute Reign Over the Web
As soon as the checkout was complete, the reality of the situation became clear. The new owner immediately started receiving internal emails from Google’s administrative teams. These were not standard customer service messages but automated notifications that proved ownership had actually been transferred.
The Google Search Console, a dashboard used to manage website presence, automatically updated to grant webmaster access to Google.com. The student suddenly had visibility into highly sensitive notifications and ownership changes for various websites powered by the platform. For a brief moment, an outsider held the keys to the kingdom.
However, the ultimate control did not last long. Because the registration service used was Google Domains, the company had the power to intervene directly. Within about a minute, the system caught the massive error. The website buying service sent a cancellation message, stating that the domain could not be taken over, and the twelve-dollar payment was quickly refunded.
Unlike a famous 2003 incident where Microsoft temporarily lost its Hotmail UK domain to a third-party registrar and struggled to get it back, Google had the home-field advantage. They were able to swiftly revoke the access. Still, the brief window of ownership was already fully documented through screenshots of credit card charges and internal emails.
Rewarding the Discovery
After the cancellation, the former employee took immediate action. Rather than keeping the incident quiet or trying to exploit the brief access, he compiled his screenshots and evidence. He then reported the entire event to the Google Security team.
Major tech companies rely heavily on independent researchers and tech enthusiasts to find hidden flaws in their systems. To encourage this, they offer what are known as “bug bounties.” These programs provide financial rewards to individuals who responsibly report vulnerabilities before malicious hackers can take advantage of them.
The security team quickly acknowledged the report and launched an investigation into the domain buying system. Once they verified the massive loophole, they reached out to the student. Because of how responsibly the situation was handled, the company was eager to issue a bug bounty for the discovery.
In a playful nod to the corporate brand, the initial reward offered was $6,000.13. If you look closely at the numbers, they visually resemble the word “Google.” It was a lighthearted response to a security flaw that could have been disastrous in the wrong hands.
Doubling Down on Doing Good
When presented with the quirky financial reward, the former employee made an unexpected decision. He communicated to the security team that his actions were never motivated by money. Instead of keeping the bug bounty for himself, he requested that the entire amount be donated to charity.
He specifically chose the Art of Living India Foundation, directing the funds toward their education initiatives. This organization operates 404 free schools across 18 states in India. Their programs provide essential education to more than 39,200 children living in rural, tribal, and slum communities where poverty and child labor remain significant challenges. The foundation focuses on nurturing the complete development of these students.
Upon hearing about this charitable intention, the tech giant responded with an impressive gesture of its own. Because the money was going to a good cause, the company decided to double the original reward. The final donation reached $12,000.
This exchange turned a simple technical oversight into a deeply positive outcome. What began as a late-night web browsing session ultimately funded education for children thousands of miles away.
A Lesson in Digital Humility
Buying Google.com for twelve dollars is an entertaining piece of internet history, but it offers a highly practical lesson. The internet is built and maintained by humans, which means it will always be prone to errors. Even the most well-funded tech giants can make simple administrative mistakes.
Acknowledging these blind spots is exactly why tech companies continue to invest in community-driven security. Google has since expanded its reward programs to include new frontiers like artificial intelligence. As digital tools become more complex, relying on independent researchers remains a necessary part of keeping platforms secure from outside threats.
However, for the average internet user, the main takeaway is not about hunting for lucrative bugs. It is about maintaining a healthy dose of digital skepticism and taking personal security seriously. If a global powerhouse can accidentally sell its primary web address due to a system glitch, regular consumers must remember that their own personal data requires active protection.
The most feasible way to navigate the web is to assume that no system is entirely flawless. Practicing basic digital hygiene goes a long way. Setting up two-factor authentication, using unique passwords, and staying alert for unusual account activity are small habits that build a strong defense. The internet is an incredible tool, but staying proactive is the best way to safely use it.