Two computer hackers have earned more than 1 Million frequent-flyer miles each from United Airlines for finding and reporting multiple security vulnerabilities in the airline’s website.
Olivier Beg, a 19-year-old security researcher from the Netherlands, has earned 1 Million air miles from United Airlines for finding around 20 security vulnerabilities in the software systems of the airline.
Last year, Chicago-based United Airlines launched a bug bounty program inviting security researchers and bug hunters to find and report security holes in its websites, software, apps and web portals.
Under its bounty program, United Airlines offers a top reward of 1 Million flyer miles for reporting Remote Code Execution (RCE) flaws, 250,000 miles for medium-severity vulnerabilities, and 50,000 flyer miles for low-severity bugs.
According to the Netherlands Broadcasting Foundation, the 19-year-old reported 20 security issues to United Airlines, and the most severe flaw earned the teenager 250,000 air miles.
Beg did not reveal the details about the flaws he discovered, but the teenager claims to have reported flaws in software from popular tech companies including Yahoo, Google, and Facebook.
Another security researcher, a 23-year-old from Algeria, reported three security issues under the airline’s bug bounty program and earned 1.7 Million flyer miles from United Airlines.
Djaballah Mohamed Taher told The Hacker News that he reported Remote Code Execution, authorization bypass and Cross-Site Scripting (XSS) flaws to the airline but did not detail the technical aspects given the program’s non-disclosure agreement.
Last year, Jordan Wiens was the first security researcher to earn United Airlines’ top reward of 1 Million Miles for finding a security bug that allowed him to seize control of one of the airline’s websites.
Bug bounty programs are very common among technology firms, including Google, Microsoft, and Facebook, which offer security researchers hundreds of thousands of dollars as rewards for exposing security weaknesses in their products.
It’s good to see companies like United Airlines, Tesla, General Motors and Fiat Chrysler also welcoming vulnerability reports from researchers and rewarding them for their work.
Apple is the latest to announce a bug bounty program, starting this fall, to pay outside security researchers and white hat hackers for privately disclosing security issues in its products.
The company plans to offer rewards of up to $200,000, though the program is initially invitation-only and targets a small range of Apple software, including iOS and iCloud.