Dutch Hacker Earns One Million United Airlines Miles For Finding Security Flaws
Never did this 19-year old security researcher think that discovering vulnerabilities in an airline’s system would earn him one million frequent flyer miles. That’s right!
Based in the Netherlands, Olivier Beg discovered 20 separate security flaws within United Airlines’ computer systems. As a reward, the airlines offered million United MileagePlus miles — a $25,000 value – for revealing 20 bugs to United’s program, as part of a challenge to help the company fix security flaws on its website.
The bug bounty scheme was introduced by the airlines in May 2015 calling it an extension of its commitment to protecting customers’ privacy and the personal data they share with the airline. Through this scheme, they want to encourage bug hunters to discover and report vulnerabilities in the system responsibly to the airline rather than publish them online.
This week, Beg flew to Las Vegas for hacker conferences using part of his winnings. According to Netherlands Broadcasting Foundation, the flights to Vegas cost Beg only 60,000 airline miles and €5 in airport taxes.
United Airlines’ bug bounty program rewards security researchers up to one million flyer miles for reporting remote code execution bugs, 250,000 miles for medium-severity bugs, and 50,000 miles for low-severity issues.
Beg reported about 20 bugs to United Airlines, wherein his highest single reward earned was 250,000 miles. However, he collected 1 million miles in total. He wouldn’t reveal what flaws he found.
At the age of 13, Beg began hacking companies to expose security flaws and in the process discovered flaws in the code for Facebook and PayPal, which fetched him $5,000. Currently, Beg is working as the head researcher for cybersecurity firm, Zerocopter, and says he hacks for fun. However, he thinks he could easily make a living out of it. “I know a hacker who earned 250 thousand euros in two years,” he added.
Bug bounty programs are not a new idea for the industry. Tech giants including Apple, Facebook and Google all offer awards to those who can point out flaws in their programs. Until date, United is the only U.S. airline to offer a bug bounty.