Dutch Teen Collects One Million United Airlines Miles For Finding Security Flaws

Image courtesy of Adam Fagen

Next time you’re sitting on a United Airlines flight next to a European teenager getting the royal treatment, it could be the latest young hacker to figure out a security flaw in the airline’s network.

A year after United’s bug bounty program doled out one million miles to a security researcher who uncovered the first flaw, a Dutch teen has become the second to earn a million miles from the airline.

ZDNet reports that 19-year-old Olivier Beg submitted 20 bugs to United’s program, netting him one million miles — a $25,000 value.

While the first flaw reported to United under the program was enough to earn a hacker one million miles, Beg pieced together his haul over time, with the largest issue grossing 250,000 miles.

The teen used the first part of his prize to travel to a hackers conference in Las Vegas recently, spending about 60,000 miles.

United launched the bug bounty program in May 2015, calling it an extension of its commitment to protecting customers’ privacy and the personal data they share with the airline.

The airline offers three bounties (or mileage amounts awarded) depending on the type and severity of bug found.

High severity bugs, such as a vulnerability that would allow a hacker to execute code on a United property, result in a pay out of as many as 1 million miles.

Medium severity flaws, which the airline says includes the ability to identify information of customers or bypassing login requirements, can result in a reward of up to 250,000 miles.

Smaller vulnerabilities, like third-party issues that affect United, come with a bounty of up to 50,000 miles.

This Dutch hacker can fly a million miles on his United Airlines bug bounty [ZDNet]

Want more consumer news? Visit our parent organization, Consumer Reports, for the latest on scams, recalls, and other consumer issues.