United Pays out 1 Million Miles for Bug Report!

Back in May when United announced that they were awarding up to 1 million miles as a bounty for security bugs. Well, not even two months later, they have already paid out!

UA Bug Bounty

From the Threatpost:

Jordan Wiens, who founded a security company in Florida called Vector 35 and not too long ago worked for a government contractor, submitted what he thought were a couple of “lame” bugs to United’s two-month-old bug bounty program—his first commercial bounty submission. The payoff was anything but weak.

“There were actually two bugs that I submitted that I were pretty sure were remote code execution, but I also thought they were lame and wasn’t sure if they were on parts of the infrastructure that qualified,” Wiens said. “My expectation was that they counted, but I figured they’d award me 50,000 miles or something smaller.”Instead, he got a message from United asking him to confirm his U.S. citizenship and whether the research was done on U.S. soil. “I was hoping this wasn’t a honeypot,” Wiens joked. “Two hours later, I got a message to check my account that I had gotten my million miles.

Check out their full post here for full details on the bugs Jordan submitted to the United Airlines bug bounty program.


The responses below are not provided or commissioned by the bank advertiser. Responses have not been reviewed, approved or otherwise endorsed by the bank advertiser. It is not the bank advertiser's responsibility to ensure all posts and/or questions are answered.



  1. The big disconnect here is that, as a PR stunt, it is so far beyond any normal person’s understanding, that all us, uh, “humans” just shrug and think, “Well, another techy just got a ton of something I wish I had but I have NO idea what anyone’s talking about.” As an IT stunt, it was probably pretty successful, because a million of something that isn’t dollars is pretty cheap for a company that can make that something out of thin air.

Leave a Reply

Your email address will not be published. Required fields are marked *