Earlier in the year, 10k frequent flier accounts were hacked. United is trying to make up for this by leveraging the expertise of the broader community of software engineers. To be clear, this program is not related to any of the third-party customer-facing web properties or apps.
In the wake of a high-profile frequent flier account hack, United Airlines has rolled out a bug bounty program, promising airline miles for vulnerabilities. A lot of miles too: up to 1 million for a remote code execution flaw.
United said that it’s looking for issues that affect the confidentiality, integrity and/or availability of customer or company information. The eligible list includes: authentication bypass; bugs on customer-facing websites, the United app or third-party programs loaded by united.com or its other online properties; cross-site request forgery (CSRF) and cross-site scripting (XSS); potential for information disclosure; remote code execution; timing attacks that prove the existence of a private repository, user or reservation; and the ability to brute-force reservations, MileagePlus numbers, PINs or passwords.