United's Million-Mile Bug Bounty Paying Off for Some

The cards we feature here are from partners who compensate us when you are approved through our site, and this may impact how or where these products appear. We don’t cover all available credit cards, but our analysis, reviews, and opinions are entirely from our editorial team. Terms apply to the offers listed on this page. Please view our advertising policy and product review methodology for more information.

Per Twitter user (and newly minted MileagePlus millionaire) @psifertex, United Airlines appears to be making good on its promise to award users for submitting security bugs.

United issued 1,000,000 miles to at least one lucky bug submitter.

As a reminder, you can earn between 50,000 and 1,000,000 miles for submitting bugs. Miles are awarded according to the following criteria:

Low (50,000 miles)

Cross-site scripting
Cross-site request forgery
Third-party issues that affect United

Medium (250,000 miles)

Authentication bypass
Brute-force attacks
Potential for personally identifiable information (PII) disclosure
Timing attacks

Daily Newsletter

Reward your inbox with the TPG Daily newsletter

Join over 700,000 readers for breaking news, in-depth guides and exclusive deals from TPG’s experts

High (1,000,000 miles)

Remote code execution

We have seen reports from members who have submitted legitimate bugs without receiving a response from United, but it appears that the airline may just be slowly working through a backlog. If you've submitted a bug for consideration, don't give up hope just yet.

H/T: Wandering Aramean[card card-name='Chase Sapphire Preferred® Card' card-id='22125056' type='javascript' bullet-id='1']

Featured image by United is now allowing airport agents to issue up to $125 certificates to customers with minor complaints.