United’s Million-Mile Bug Bounty Paying Off for Some

Jul 11, 2015

This post contains references to products from one or more of our advertisers. We may receive compensation when you click on links to those products. For an explanation of our Advertising Policy, visit this page.

Per Twitter user (and newly minted MileagePlus millionaire) @psifertex, United Airlines appears to be making good on its promise to award users for submitting security bugs.

United issued 1,000,000 miles to at least one lucky bug submitter.
United issued 1,000,000 miles to at least one lucky bug submitter.

As a reminder, you can earn between 50,000 and 1,000,000 miles for submitting bugs. Miles are awarded according to the following criteria:

Low (50,000 miles)

  • Cross-site scripting
  • Cross-site request forgery
  • Third-party issues that affect United

Medium (250,000 miles)

  • Authentication bypass
  • Brute-force attacks
  • Potential for personally identifiable information (PII) disclosure
  • Timing attacks

High (1,000,000 miles)

  • Remote code execution

United bug bounty program

We have seen reports from members who have submitted legitimate bugs without receiving a response from United, but it appears that the airline may just be slowly working through a backlog. If you’ve submitted a bug for consideration, don’t give up hope just yet.

H/T: Wandering Aramean

Editorial Disclaimer: Opinions expressed here are the author’s alone, not those of any bank, credit card issuer, airlines or hotel chain, and have not been reviewed, approved or otherwise endorsed by any of these entities.

Disclaimer: The responses below are not provided or commissioned by the bank advertiser. Responses have not been reviewed, approved or otherwise endorsed by the bank advertiser. It is not the bank advertiser’s responsibility to ensure all posts and/or questions are answered.