Olivier Beg, a 19-year-old security researcher based in the Netherlands, may be one of the youngest people ever to accumulate 1 million frequent flyer miles. Also unusual, he didn’t earn them by flying.
Beg earned the 1 million frequent flyer miles as the bounty of a challenge to help the company fix security flaws on its website. This week, Beg flew to Las Vegas for hacker conferences using part of his winnings. As first reported by the Netherlands Broadcasting Foundation and ZDNet, the Vegas trip only cost Beg 60,000 miles and 5 euros for airport taxes.
United Airlines’ UAL -0.36% bug bounty program will reward hackers with 1 million miles for remote code execution, 250,000 miles for medium-severity bugs, and 50,000 miles for low-severity issues.
Beg reported 20 separate security flaws to United. The largest single reward he earned was 250,000, but in total he collected 1 million miles.
The teenager began hacking companies to expose security flaws when he was 13 years old and eventually discovered flaws in the code for Facebook and Paypal, earning him $5,000. Beg’s LinkedIn page lists “ethical hacker” as his most endorsed skill. He currently works as the head researcher for cybersecurity firm Zerocopter.
Since United’s initiative was launched last year, a number of hackers have earned its top prize, including Kyle Lovett, a security penetration tester at Cisco Systems. To date, United is the only U.S. airline to offer a bug bounty. Major car companies offer their own bug-crushing rewards including General Motors, Fiat Chrysler, and Tesla, and earlier this year, the Pentagon and Apple both announced hacking-for-bounty programs.