United Offers Up to 1 Million Miles for Identifying IT Vulnerabilities

United launched a ‘bug bounty’ program where they will provide miles to the first person who identifies and submits a security vulnerability.

Rewards to the general public for identifying software glitches date to Netscape twenty years ago, and programs are common to companies like Google, Microsoft, and Yahoo.

United’s program is limited to security vulnerabilities, and merely identifying a vulnerability doesn’t guarantee a fix. (They aren’t going to reward anyone for telling them that their system errors out at purchase, or fails to properly reissue tickets.)

A bug bounty program permits independent researchers to discover and report issues that affect the confidentiality, integrity and/or availability of customer or company information and rewards them for being the first to discover a bug.

Be good, though — United provides fair warning that if your strategy for identifying these issues involves code injection on live systems, DDOS attacks, or testing on aircraft or inflight entertainment systems, you could go away for a very long time.

This is a brilliant move by United. The rewards are comparatively generous. And other airlines should copy this. (Believe it or not, United is an industry leader, and Delta should copy them..!)

About Gary Leff

Gary Leff is one of the foremost experts in the field of miles, points, and frequent business travel - a topic he has covered since 2002. Co-founder of frequent flyer community InsideFlyer.com, emcee of the Freddie Awards, and named one of the "World's Top Travel Experts" by Conde' Nast Traveler (2010-Present) Gary has been a guest on most major news media, profiled in several top print publications, and published broadly on the topic of consumer loyalty. More About Gary »

More articles by Gary Leff »



  1. ha no way i will participate in this. I know of a vulnerability that is worth way more than 1 milion miles. I am sure other hackers will do the same.

  2. Let me guess: for vulnerabilities on Star Alliance partners they’ll be paying 2x to 3x?

  3. Wonder if someone does find the bug and gets the reward would they be taxed on it (since not given as a marketing/discount/promotion/rebate). Read somewhere that some contests/drawings where the prize is not money the taxes owed are not worth what the person owes the taxes owed on the suppose prize.

Comments are closed.