Back in May when United announced that they were awarding up to 1 million miles as a bounty for security bugs. Well, not even two months later, they have already paid out!
From the Threatpost:
Jordan Wiens, who founded a security company in Florida called Vector 35 and not too long ago worked for a government contractor, submitted what he thought were a couple of “lame” bugs to United’s two-month-old bug bounty program—his first commercial bounty submission. The payoff was anything but weak.
“There were actually two bugs that I submitted that I were pretty sure were remote code execution, but I also thought they were lame and wasn’t sure if they were on parts of the infrastructure that qualified,” Wiens said. “My expectation was that they counted, but I figured they’d award me 50,000 miles or something smaller.”Instead, he got a message from United asking him to confirm his U.S. citizenship and whether the research was done on U.S. soil. “I was hoping this wasn’t a honeypot,” Wiens joked. “Two hours later, I got a message to check my account that I had gotten my million miles.
Check out their full post here for full details on the bugs Jordan submitted to the United Airlines bug bounty program.