Skip to main content

United Airlines dishes out air miles to hackers for exposing flaws

United Airlines has awarded a couple of hackers millions of frequent flier miles for uncovering vulnerabilities in the carrier’s web security without taking advantage of them, the media reported on Thursday.

This is the first event of this kind in the airline industry.

United confirmed with Reuters (opens in new tab)that it has paid out two awards worth 1 million miles each, worth dozens of free domestic flights on the airline.

Other individuals took to Twitter to say they too have been paid smaller awards, but United did not confirm it.

Bug bounty, or hunting for vulnerabilities in a company’s system, is a common occurrence in the tech industry, however it was never seen before in the airline industry. Through the program, researchers flag problems before malicious hackers can exploit them. The cost can be less than hiring outside consultancies, Reuters says.

United kicked the program off in May, two weeks before tech issues grounded its entire fleet twice.

"We believe that this program will further bolster our security and allow us to continue to provide excellent service," United said on its website, declining additional comment.

One of the hackers which exposed United’s bugs is Jordan Wiens, a researcher focused on cyber vulnerabilities. Last week he tweeted he was awarded 1 million miles for exposing a flaw that could have allowed hackers to seize control of one of the airline's websites.

Terms of the agreement prohibit Wiens from disclosing the bug he discovered. The terms also required that Wiens reveal the supposed problem to United without trying to exploit it, meaning he does not know how much information he could have accessed or manipulated.

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.