United Airlines Rewards Two Hackers A Million Air Miles Each For Spotting Security Flaws

United Airlines has given a million air miles each to two hackers who spotted potential security holes on its website.

The two lucky hackers were awarded the top ‘bounty’ offered by United as part of a scheme where it rewards people who privately report online security flaws to them, rather than making them public.

In return for receiving their flight miles, the hackers are effectively silenced and are not allowed to reveal the details of the security bugs that they discovered.

A statement on the airline’s website explains the thinking behind the scheme:

“At United, we take your safety, security and privacy seriously. We utilize best practices and are confident that our systems are secure. We are committed to protecting our customers’ privacy and the personal data we receive from them, which is why we are offering a bug bounty program — the first of its kind within the airline industry.

“We believe that this program will further bolster our security and allow us to continue to provide excellent service. If you think you have discovered a potential security bug that affects our websites, apps and/or online portals, please let us know. If the submission meets our requirements, we’ll gladly reward you for your time and effort.

While ‘bug bounties’ are common practice among tech brands, they are not so frequently used among other types of company.

While schemes like this may provide a useful - and legal - channel for hackers to use their craft, critics argue that relying on external hackers discourages companies from hiring professional in-house online security staff.

Security consultant Dr Jessica Barker told the BBC: ”Schemes like this reward hackers for finding and disclosing problems in the right way. That makes the internet safer for all of us.”

(Image credit: Sky News)