United’s Million-Mile Bug Bounty Paying Off for Some
This post contains references to products from one or more of our advertisers. We may receive compensation when you click on links to those products. Terms apply to the offers listed on this page. For an explanation of our Advertising Policy, visit this page.
Per Twitter user (and newly minted MileagePlus millionaire) @psifertex, United Airlines appears to be making good on its promise to award users for submitting security bugs.
As a reminder, you can earn between 50,000 and 1,000,000 miles for submitting bugs. Miles are awarded according to the following criteria:
Low (50,000 miles)
- Cross-site scripting
- Cross-site request forgery
- Third-party issues that affect United
Medium (250,000 miles)
- Authentication bypass
- Brute-force attacks
- Potential for personally identifiable information (PII) disclosure
- Timing attacks
High (1,000,000 miles)
- Remote code execution
We have seen reports from members who have submitted legitimate bugs without receiving a response from United, but it appears that the airline may just be slowly working through a backlog. If you’ve submitted a bug for consideration, don’t give up hope just yet.
H/T: Wandering Aramean
Welcome to The Points Guy!