Skip to content

United's Million-Mile Bug Bounty Paying Off for Some

July 11, 2015
1 min read
United's Million-Mile Bug Bounty Paying Off for Some
This post contains references to products from one or more of our advertisers. We may receive compensation when you click on links to those products. Terms apply to the offers listed on this page. For an explanation of our Advertising Policy, visit this page.
Sign up for our daily newsletter

Per Twitter user (and newly minted MileagePlus millionaire) @psifertex, United Airlines appears to be making good on its promise to award users for submitting security bugs.

United issued 1,000,000 miles to at least one lucky bug submitter.

As a reminder, you can earn between 50,000 and 1,000,000 miles for submitting bugs. Miles are awarded according to the following criteria:

Low (50,000 miles)

  • Cross-site scripting
  • Cross-site request forgery
  • Third-party issues that affect United

Medium (250,000 miles)

  • Authentication bypass
  • Brute-force attacks
  • Potential for personally identifiable information (PII) disclosure
  • Timing attacks

High (1,000,000 miles)

  • Remote code execution
United bug bounty program

We have seen reports from members who have submitted legitimate bugs without receiving a response from United, but it appears that the airline may just be slowly working through a backlog. If you've submitted a bug for consideration, don't give up hope just yet.

H/T: Wandering Aramean[card card-name='Chase Sapphire Preferred® Card' card-id='22125056' type='javascript' bullet-id='1']

Featured image by United is now allowing airport agents to issue up to $125 certificates to customers with minor complaints.