Why United Airlines Gave Hackers Millions Of Frequent Flyer Miles (On Purpose)

If we were to tell you that today hackers are walking around with a few million frequent flyer miles care of United Airlines, your first thought might be that the airline had been the victim of a data breach at the hands of cybercriminals.

And though these days that is a depressingly safe assumption, in this case, it would be wrong. Those hackers have those miles because they likely prevented a cyberattack by discovering flaws in United’s Web security system and reporting them before a criminal could find them.

It’s called a bug bounty, and it is a clever way to set white-hat security researchers against black-hat cybercriminals. And though bug bounties are popular across industries — most of the major tech players have them, usually associated with a cash reward — they were almost unheard of in the airline industry until now.

Four of United’s competitors were contacted by Reuters to see if they were looking into a similar program. Three declined to comment on bug bounty programs; the fourth was not available.

United launched its bug bounty in May.

“We believe that this program will further bolster our security and allow us to continue to provide excellent service,” United said on its website.

Recently, United has had its share of trouble with tech. The airline found itself locked out of its reservations system, preventing customers from checking in and leaving the company unable to dispatch its flight plan since the software that handles it was (in technical language) “zapped.”

The “hacker” who collected the first bug bounty was Jordan Wiens. The cyber vulnerability researcher tweeted that he had found a bug that could have theoretically allowed hackers to take over United’s websites.

“It’s really interesting that United did what they did,” he said in an interview. “There actually aren’t that many companies in any industry outside of technology that do bug bounties.”

The terms of the agreement with United prevent Wiens from disclosing many of the specifics of the vulnerability. They also prevented him from attempting to exploit the bug after finding it, which means even he doesn’t know how big a risk there was.
