eLearnSecurity Blog

2 Security Researchers Rewarded a Million Air Miles Each

Two Information Security researchers each received 1 Million Air Miles from United Airlines for uncovering vulnerabilities in their system.

A couple of months ago, we’ve written about this bug bounty reward program from this airline company and now two IT security researchers got themselves the maximum payout reward.

united airlines bug bounty reward

photo source: Aero Icarus

A report mentions that United Airlines did not disclose the names of the researchers but one of them, Jordan Wiens, tweeted about the bounty reward on his Twitter account.


Remote Code Execution Bug

The bug that Jordan found was a “remote code execution” vulnerability which allows an attacker to execute codes from a remote server. He mentions on Twitter that “it wasn’t technically challenging…” and expected less miles as he felt it wasn’t that important. But United Airlines has the last say and who knows what data is very open to attack once hackers are able to get into their system through that security flaw.

United Airlines is the biggest airline based on the number of the destinations that they serve. They value the importance of security and this program is a great incentive to bug bounty hunters to practice their skills in search of security flaws and vulnerabilities.

Luke Punzenberger, spokesman of United Airlines, said that aside from the two hackers, other researchers also received smaller rewards.

Web Application Penetration Testing Demo

WAPT product boxWant to catch bugs in web applications? Get the Demo of our Web Application Penetration Testing version 2 – WAPTv2 training course and learn to test apps for vulnerabilities. Get the demo here – WAPTv2 Demo


Tags: , , , ,

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Go to top of page