CHICAGO – Two skillful hackers just got a big payday from United Airlines: the company has confirmed that it paid out rewards of 1 million frequent flier miles each to two people who were able to uncover major flaws in its online security system.
The airline’s “bug bounty” award program was started in May and is a first for a transportation company. The program used by United is not new; similar programs have been used by Web sites and software developers for a number of years.
Individuals can receive compensation for reporting bugs, especially security vulnerabilities and other flaws that could be exploited. The program allows developers to identify and resolve problems in their software before the public becomes aware of them.
The people receiving the bug bounties are known as “white-hat hackers.” The original bug bounty program was the brainchild of Jarrett Ridlinghafer. He came up with the idea while working at Netscape Communications Corp. as a technical support engineer.
United spokesman Luke Punzenberger said on Thursday (July 16) that Jordan Wiens, founder of a security company in Florida called Vector 35, is one of two winners of the 1 million frequent-flier miles prize. Other hackers got smaller prizes. The 1 million mile prize is enough to cover several first-class trips to Asia, or up to 20 round-trips in the U.S. CNN News channel says the prize will cover going around the world five times.
Wiens told the ThreatPost security blog that this was the first time he had ever submitted to a bug bounty program. “There were actually two bugs that I submitted that I was pretty sure were remote code execution, but I also thought they were lame and wasn’t sure if they were on parts of the infrastructure that qualified.” He added, “My expectation was that they counted, but I figured they’d award me 50,000 miles or something smaller.”
United Airlines says they reward the finding of “basic third-party issues affecting its systems with 50,000 miles, exploits that could jeopardize the confidentiality of customer information get 250,000 miles, and major flaws related to remote-code execution earn a maximum of 1,000,000 miles.”











