A Reminder that Hacking an Airline's Website is Illegal
Last week, we reported that a man was sitting in a Florida jail awaiting trial for stealing American Airlines miles worth "more than $260,000," which he allegedly redeemed for hotels and rental cars. Knowing how easy it can be to rack up points and miles, it can be tempting to break the rules of frequent flyer programs, but breaking the law is a different matter entirely. Just as stealing someone else's miles is flat-out illegal, stealing travel certificates from an airline itself is a crime.
A Utah man, Ammon Cunningham, 28, was charged with computer crimes, theft, communications fraud and a pattern of unlawful activity, all of which are felony charges. According to United Airlines, Cunningham hacked the carrier's website between July 2012 and September 2012 and obtained PIN codes for the carrier's Electronic Travel Certificates (ETCs). The ETCs had been given to United travelers but not yet redeemed. In all, Cunningham used 13 stolen PIN codes for personal travel and about 120 PIN codes to sell to others on sites like Craigslist.
Not only did Cunningham commit a crime by stealing these PIN codes, using them for himself or selling them, but he also threatened United Airlines. In September 2012, he contacted the carrier under an alias, claiming he "found a massive hole in the United.com website." He was willing to share with United what the hole was — if United gave him $10,000 and first-class tickets to any destination in the world for him and his family. United claims that the hacking by Cunningham cost it $58,123.
There's now a warrant for Cunningham's arrest with bail set at $50,000. This all happened before United's 'bug bounty' program. The program, which was introduced in 2015, rewards those who spot flaws or bugs in United's website with miles, with a maximum payout of 1,000,000 miles for high-severity fixes. With new programs like this, United is hoping no one else is able to hack its system as Cunningham did in 2012.