College Student Has Earned 15 Million Miles by Hacking United
Update 7/13/2017: Ryan Pickren just donated one million of his United miles to Eckerd Kids — a charity based Ryan's hometown of Clearwater, Florida which provides "child welfare, juvenile justice, and work force development programs" to over 34,000 kids each year across 20 states.
Ryan describes his motivation for donating: "I have enjoyed volunteering for the organization and raising money for them in the past. They do a lot to improve our community and provide kids and families with the second chances that they deserve.”
The last time Georgia Tech student Ryan Pickren was in the news, he had been arrested and faced up to 15 years in jail. Two days before a rivalry football game, he hacked into rival University of Georgia's website to post a prediction for the game (caution: mild language). But now, he's using his hacking skills for good — and United has generously rewarded him for his work.
Business Insider reported Friday that Ryan has earned a total of 15 million United miles from "white hat" hacking United Airlines. White hat (as opposed to black hat) hackers are computer experts who hack systems, companies and websites to discover and report vulnerabilities. Even the Pentagon ran a white hat program this year.
Ryan's payout came from United's Bug Bounty Program, which offers a reward of up to 1,000,000 United miles for reporting "high severity" bugs. While Ryan was unable to comment to The Points Guy about how many and what types of bugs he found, we can assume that the reward of 15 million miles means Ryan has likely found and reported 15 major issues in United's systems. While it's concerning that the airline's systems were so porous, at least now United knows about these issues and can work to fix them.
Other white hat hackers have been wary of United's bug bounty program. Other bug bounty programs give hackers the ability to try more creative methods of finding security faults — as long as the hacker reports all findings. However, United's program threatens "possible criminal and/or legal investigation" for some of these methods. But, it seems these restrictions haven't dissuaded Ryan from searching and finding flaw after flaw with United's system.
The other major disadvantage of United's Bug Bounty is that the only payout is United miles. While TPG values United miles at 1.5 cents each, United values its miles rather proudly at 2 cents apiece. Other hackers have ended up with huge tax bills for their efforts. Hacker Jordan Wiens ended up having to pay taxes on $25,000 of income for earning 1.25 million United miles — even though he still hadn't redeemed any of the miles for travel.
At United's valuation of 2 cents per mile, Ryan Pickren will have to pay taxes on $300,000 of income. That's perhaps what has partially motivated his donation of 5 million United miles to Georgia Tech. Subject to IRS limitations, this donation will earn Ryan a deduction of $100,000. Ryan knows that Georgia Tech can use these miles to help student engineers make the world a better place — such as through the Georgia Tech Engineers Without Borders program to bring clean drinking water to Uganda.
Ryan initially started with the United Bug Bounty program to get enough miles to visit his girlfriend on the weekends. Well, now he can do a lot more than that! 15 million miles is enough for 600 domestic economy round-trips. But, having this many miles, he hopefully won't fly economy class for a while.
If he can find the time to travel in the next 11 months, there are some incredible stopover awards you can still book before October 6. With 15 million miles, he has enough miles to fly 100 times — or 100 people — from the US to Africa to Japan to the US, all in business class!
H/T: Business Insider
Fair disclosure: This article was written by a Georgia Tech grad. Go Jackets!