United Airlines Now Offers Up to 1 Million Miles To Successfully Hack Their IT Systems Through ‘Hacking For Bounty’ Rewards


If you’d like to earn plenty of United Frequent Flier Miles without actually having to fly or churn through credit cards there might be a way in case you’re a talented IT crack: Hacking!

United Hacking

United Airlines introduced a so called ‘Hacking for Bounty’ program earlier this year which rewards people for notifying the company about security issues and other vulnerabilities within their computer systems.

This sound like a dream come true right? You can hack your favorite (or most hated) airline and even get rewarded for that!

Travel+Leisure (access here) wrote a 19 year old who already collected one million miles from United.

Olivier Beg, a 19-year old security researcher based in the Netherlands, flew to Las Vegas for hacker conferences this week using part of a bounty of 1,000,000 million frequent flyer miles he earned from United Airlines as part of a challenge to help the company fix security flaws on its website. …

United Airlines’ bug bounty program will reward hackers with 1 million miles for remote code execution, 250,000 miles for medium-severity bugs, and 50,000 miles for low-severity issues.

Beg reported 20 separate security flaws to United. The largest single reward he earned was 250,000, but in total he collected 1 million miles.

Since United’s initiative was launched last year, a number of hackers have earned its top prize, including Kyle Lovett, a security penetration tester at Cisco Systems. To date, United is the only U.S. airline to offer a bug bounty.

For sure the most efficient method to get rid of your IT issues since it’s well known that people will go to extreme lengths for miles. Maybe Hyatt should follow suit because their entire IT department is essentially useless as their usual production of website malfunctions and designs proves.

You can find more information about United’s Hacking Incentive Program here.

At United, we take your safety, security and privacy seriously. We utilize best practices and are confident that our systems are secure. We are committed to protecting our customers’ privacy and the personal data we receive from them, which is why we are offering a bug bounty program — the first of its kind within the airline industry. We believe that this program will further bolster our security and allow us to continue to provide excellent service. If you think you have discovered a potential security bug that affects our websites, apps and/or online portals, please let us know. If the submission meets our requirements, we’ll gladly reward you for your time and effort.

There are however some things that are absolutely not permitted under this program.

Attempting any of the following will result in permanent disqualification from the bug bounty program and possible criminal and/or legal investigation. We do not allow any actions that could negatively impact the experience on our websites, apps or online portals for other United customers.

  • Brute-force attacks
  • Code injection on live systems
  • Disruption or denial-of-service attacks
  • The compromise or testing of MileagePlus accounts that are not your own
  • Any testing on aircraft or aircraft systems such as inflight entertainment or inflight Wi-Fi
  • Any threats, attempts at coercion or extortion of United employees, Star Alliance member airline employees, other partner airline employees, or customers
  • Physical attacks against United employees, Star Alliance member airline employees, other partner airline employees, or customers
  • Vulnerability scans or automated scans on United servers (including scans using tools such as Acunetix, Core Impact or Nessus)

Talk about taking the ‘F’ out of fun United!


If IT is your specialty then go ahead and go after United, hopefully you’ll be the next mileage millionaire. What I especially love about this is that age is absolutely irrelevant in this field, only talent is what counts and these college kids are smart so beware!