Earlier in the year, 10k frequent flier accounts were hacked, and United is trying to make up for this by leveraging the expertise of the broader community of software engineers. To be clear, this program is not related to any of the third-party customer-facing web properties or apps.
In the wake of a high-profile frequent flier account hack, United Airlines has rolled out a bug bounty program, promising airline miles for vulnerabilities. A lot of miles too: up to 1 million for a remote code execution flaw.
United said that it’s looking for issues that affect the confidentiality, integrity and/or availability of customer or company information. The eligible list includes: authentication bypass; bugs on customer-facing websites, the United app or third-party programs loaded by united.com or its other online properties; cross-site request forgery (CSRF) and cross-site scripting (XSS); potential for information disclosure; remote code execution; timing attacks that prove the existence of a private repository, user or reservation; and the ability to brute-force reservations, MileagePlus numbers, PINs or passwords.
What other industries have implemented bug bounties? It seems that they are very confident that this will prevent rather than encourage additional breaches. I do not know about anyone else, but this is very concerning.