United hackers snatch million free flight miles bounty

Two hackers were awarded a million frequent-flier miles each on United Airlines for spotting security holes in the airline’s computer systems.

The flight provider started operating a “bug bounty” scheme in May that rewards tech-savvy people for privately disclosing security flaws rather than sharing them online. Even though it is common for technology companies to offer the so-called bug-bounties, they tend to be unusual in the transportation industry.

The award was the maximum reword, enough for several first-class trips to Asia or up to 20 round-trips in the US. United spokesman Luke Punzenberger declined to say what kinds of flaws the hackers found, but said their information had been turned over to company researchers. “We’re confident that our systems are secure,” he said.

One security expert said the scheme was a big step forward for online security.

“Schemes like this reward hackers for finding and disclosing problems in the right way. That makes the internet safer for all of us,” said security consultant Dr Jessica Barker.

“Bug bounties are common in tech companies as they tend to understand online security a bit more, but other industries are catching up,” she added.

United Airlines has had problems caused by tech glitches in the past and last week, a router malfunction in its computer system grounded 4,900 flights worldwide for almost two hours, causing major disruptions. The company said the issue was caused by a “network connectivity issue” leading to 800 flight delays and 60 cancellations. On June 2, the airline had to halt all take-offs in the US because of what it described as “computer automation issues”.

Tech companies like Google, Yahoo, Microsoft and others use bounties to enlist so-called white-hat hackers with enough specialised skill to spot security flaws before cybercriminals could use them to hack websites or steal data. Facebook, for example, asks hackers for “reasonable time” before going public with their findings.

In this case, receiving flight rewards, hackers are forbidden from revealing the nature of the security holes they discovered. “We believe that this program will further bolster our security and allow us to continue to provide excellent service,” United said on its website.

Recent articles

Info Message

Our sites use cookies to support some functionality, and to collect anonymous user data.

Learn more about IET cookies and how to control them