Hyatt Will Pay You to Hack Their Systems

The Marriott data breach is one of the biggest we’ve seen, certainly the biggest in travel. There are hundreds of millions of records, and even millions of compromised passports. There’s probably even proprietary data that’s been compiled on you which has been taken that they haven’t even disclosed.

There are several things you can do to protect yourself from hacks but most of our identifying data has already been taken in various data breaches. Companies have to do better.

Hackers even pay out points to get people to help them, so loyalty programs can learn a thing or too. United has a bug bounty program paying out up to a million miles for identifying vulnerabilities.

Now Hyatt has a bug bounty program, too. (HT: Traveling for Miles) They’ll pay out up to $4000 per vulnerability:

It’s a new program, they’ve already had submissions and payouts, though most have been small:

I’ve never thought much of Hyatt’s IT, but whether or not it’s functional isn’t the issue here. How easy is it to infiltrate or bring down?

Bear in mind that if your strategy for identifying eligible issues involves code injection on live systems, DDOS attacks, or physical intrusions, you could go away for a very long time. But if you can hack World of Hyatt and roll everything back to Gold Passport? Totally worth it.

About Gary Leff

Gary Leff is one of the foremost experts in the field of miles, points, and frequent business travel - a topic he has covered since 2002. Co-founder of frequent flyer community, emcee of the Freddie Awards, and named one of the "World's Top Travel Experts" by Conde' Nast Traveler (2010-Present) Gary has been a guest on most major news media, profiled in several top print publications, and published broadly on the topic of consumer loyalty. More About Gary »

More articles by Gary Leff »


  1. I don’t know any coders in the US who would waste their time for this type of payout. This program must be outsourced to foreigners.

Leave a Reply

Your email address will not be published. Required fields are marked *