United Offering up to 1 Million Miles for Reporting Security Bugs
This post contains references to products from one or more of our advertisers. We may receive compensation when you click on links to those products. Terms apply to the offers listed on this page. For an explanation of our Advertising Policy, visit this page.
Update: Some offers mentioned below are no longer available. View the current offers here – United MileagePlus Explorer Card
If you’re a hacker who’s been making a long list of United’s website bugs, there’s never been an easier way to earn (up to) a million miles. United is offering a bounty of miles to customers who discover potential bugs on its website and apps. While incentivizing users to improve security is nothing new in the tech world, United is the first airline to adopt such a program.
In true airline fashion, there are multiple “redemption levels,” depending on the type of security hole you find. If you don’t recognize any of the vulnerability categories below, your best bet is probably to sign up for a credit card instead, such as the United MileagePlus Explorer Card, which is currently offering 50,000 bonus miles after you spend $3,000 in the first three months. IT pros might be more interested in these options:
Low (50,000 miles)
- Cross-site scripting
- Cross-site request forgery
- Third-party issues that affect United
Medium (250,000 miles)
- Authentication bypass
- Brute-force attacks
- Potential for personally identifiable information (PII) disclosure
- Timing attacks
High (1,000,000 miles)
- Remote code execution
Lest you thought this was an opportunity to try a DDOS attack in the name of quality control, United has a list of methods that are strictly forbidden (and very illegal). You can find the rest of the specifics on the bug bounty program, including where to send your discoveries, when you visit the program page here. And do let us know if your sleuthing leads to a mileage jackpot!