United Airlines hackers given million free flight miles under Bug-Bounty program

Wish to earn hundreds of dollars instantly or to fly around the world? Try Hacking.

Hackers are now earning brownie points for their talent outside the tech world. The second largest airline in the United States- United Airlines just rewarded two of its hackers one million free miles of travel each.

Since everything is turning automated, companies are being surrounded by software, and with a widespread use of this software, security breaches and cyber-attacks are becoming causes of concern all over the world. Thus, firms are introducing “bug-bounty” programs to reward hackers; not just in the technology sector but many other sectors as well.

A software vulnerability researcher, Jordon Wiens discovered and alerted the airlines of some software glitches and got awarded one million miles of travel through United’s “bug bounty” program. This would allow him to travel from the United States to Europe thirty-three times.

In addition to this, he had reported a separate software defect last week for which he won a quarter-million miles from the same airline. This would give him an opportunity to travel to Europe eight more times. His wife is already on board for the adventurous trip, and he called it a once in a lifetime opportunity in an interview.

These programs are immensely popular with tech giants like Google, Yahoo, Dropbox, Twitter and Facebook, who reward their hackers with cash incentives including hundreds of dollars for alerting the companies of software glitches on their websites. Facebook pays minimum $500, and Twitter pays at least $250 for the same. United Airlines rewards its hackers to alert the company about the security holes privately rather than sharing them online.

According to a post on its website, the flight provider stated “We are committed to protecting our customers’ privacy and the personal data we receive from them. We believe that this bounty program will further bolster our security and allow us to continue to provide excellent service.”

The airline recognized the need for such a program when on 2nd June, Airline’s flight dispatching system problem caused an hour for 150 United flights. Also on 8th June, United’s reservation system malfunctioned for two hours and did not allow passengers to check in for their flights. A software glitch called “remote code execution” was discovered by Wiens for the airline. This seems to be a fatal bug which allows a hacker to seize control of an entire device. Spotting this glitch earned him a million frequent flyer miles. The other bug spotted by him was related to data leak or ‘information disclosure’. He said he could not reveal specific details of his findings publicly since he was bound by rules of the contest.


These programs are also criticized by some as they claim that companies do not hire professional security staff since it is cheaper for the firms to offer cash incentives to hackers for alerting them of software glitches.

However, United Airline’s security consultant Dr. Jessica Barker counters the statement by saying “It encourages positive behavior and shows young hackers that they can benefit from doing the right thing. Also, Bounties can also benefit smaller companies who can’t afford to give out cash rewards but can offer free products or services, so I hope we’ll see more and more bug bounties”.