Dutch Hacker Earns One Million United Airlines Miles For Finding Security Flaws
Never did this 19-year old security researcher think that discovering vulnerabilities in an airlineโs system would earn him one million frequent flyer miles. Thatโs right!
Based in the Netherlands, Olivier Beg discovered 20 separate security flaws within United Airlinesโ computer systems. As a reward, the airlines offered million United MileagePlus miles โ a $25,000 value – for revealing 20 bugs to Unitedโs program, as part of a challenge to help the company fix security flaws on its website.
The bug bounty scheme was introduced by the airlines in May 2015 calling it an extension of its commitment to protecting customersโ privacy and the personal data they share with the airline. Through this scheme, they want to encourage bug hunters to discover and report vulnerabilities in the system responsibly to the airline rather than publish them online.
This week, Beg flew to Las Vegas for hacker conferences using part of his winnings. According to Netherlands Broadcasting Foundation, the flights to Vegas cost Beg only 60,000 airline miles and โฌ5 in airport taxes.
United Airlinesโ bug bounty program rewards security researchers up to one million flyer miles for reporting remote code execution bugs, 250,000 miles for medium-severity bugs, and 50,000 miles for low-severity issues.
Beg reported about 20 bugs to United Airlines, wherein his highest single reward earned was 250,000 miles. However, he collected 1 million miles in total. He wouldn’t reveal what flaws he found.
At the age of 13, Beg began hacking companies to expose security flaws and in the process discovered flaws in the code for Facebook and PayPal, which fetched him $5,000. Currently, Beg is working as the head researcher for cybersecurity firm, Zerocopter, and says he hacks for fun. However, he thinks he could easily make a living out of it. โI know a hacker who earned 250 thousand euros in two years,โ he added.
Bug bounty programs are not a new idea for the industry. Tech giants including Apple, Facebook and Google all offer awards to those who can point out flaws in their programs. Until date, United is the only U.S. airline to offer a bug bounty.