United's Million-Mile Bug Bounty Paying Off for Some
Per Twitter user (and newly minted MileagePlus millionaire) @psifertex, United Airlines appears to be making good on its promise to award users for submitting security bugs.
As a reminder, you can earn between 50,000 and 1,000,000 miles for submitting bugs. Miles are awarded according to the following criteria:
Low (50,000 miles)
- Cross-site scripting
- Cross-site request forgery
- Third-party issues that affect United
Medium (250,000 miles)
- Authentication bypass
- Brute-force attacks
- Potential for personally identifiable information (PII) disclosure
- Timing attacks
High (1,000,000 miles)
- Remote code execution
We have seen reports from members who have submitted legitimate bugs without receiving a response from United, but it appears that the airline may just be slowly working through a backlog. If you've submitted a bug for consideration, don't give up hope just yet.