Hacker Earns 1.25 Million Free Frequent Flyer Miles On United Airlines


Hacker Earns 1.25 Million Free Frequent Flyer Miles On United AirlinesWhat if you get 1 Million Frequent Flyer Miles for Free? Yes, 1 Million Air Miles…

…I think that would be enough for several first-class trips to Europe or up to 20 round-trips in the United States.

Two Computer Hackers have earned more than 1 Million frequent-flyer miles each from United Airlines for finding multiple security vulnerabilities in the Airline's website.

Back in May this year, Chicago-based 'United Airlines' launched a bug bounty program and invited security researchers and bug hunters to find and report security vulnerabilities in its websites, software, apps and web portals.

Jordan Wiens, a security researcher from Florida and one of two bounty winners, tweeted last week that he earned United Airlines' top reward of 1 Million Miles for finding a flaw that could have allowed a hacker to seize control of one of the airline's websites.

Wiens is not allowed to disclose the technical details regarding the vulnerabilities, but in an emailInterview with The Hacker News, Jordan Wiens told that he earned total 1,250,000 Million Frequent Flyer Miles under United Airlines' Bug bounty program.
  • One Million Miles for reporting a serious Remote Code Execution (RCE) vulnerability in the United Airlines website.
  • Another 250,000 Frequent Flyer Miles for finding few more vulnerabilities in its website, including an information leakage bug.
Wiens has also confirmed The Hacker News that the flaws he reported to the Airlines were remotely exploitable.
The question here is -- "Could any of these bugs let an attacker to steal users’ data or has any ability to directly impact the flight system?"
To which, Wiens replied, "Unfortunately I have no idea what I could have done with it because I didn't actually exercise the flaw and find out what restrictions might have been enabled server-side."
United spokesman Luke Punzenberger said, "We're confident that our systems are secure," and they have patched all the backdoors into their systems before hackers could find and exploit them.

In the Tech World, supporting and running a bug bounty program is a significant step forward for online security, and such initiatives will definitely cost the airlines less than hiring high-profile consultants.

0 comments: