Earlier in the year, 10k frequent flier accounts were hacked, United is trying to make up for this by leveraging the expertise of the broader community of software engineers. To be clear, this program is not related to any of the third party customer facing web properties or apps.
In the wake of a high-profile frequent flier account hack, United Airlines has rolled out a bug bounty program, promising airline miles for vulnerabilities. A lot of miles too: up to 1 million for a remote code execution flaw.
United said that it’s looking for issues that affect the confidentiality, integrity and/or availability of customer or company information. The eligible list includes: Authentication bypass; bugs on customer-facing websites, the United app or third-party programs loaded by united.com or its other online properties; cross-site request forgery (CSRF) and cross-site scripting (XSS); potential for information disclosure; remote code execution; timing attacks that prove the existence of a private repository, user or reservation; and the ability to brute-force reservations, MileagePlus numbers, PINs or passwords.
Latest posts by Andy (see all)
- 3 Things Stranger Things Gets Right - August 25, 2017
- The Future of Remote Gambling - July 19, 2017
- Keeping Your PC Safe From the Dangers of the Internet in 2017 - June 26, 2017
What other industries has implemented bug bounties? It seems that they are very confident that this will prevent rather than encourage additional breaches. I do not know about anyone else, but this is very concerning.