United Airlines came out with an unusual public request this week: Hack us, please.
In what it’s calling a “bug bounty” program, Chicago-based United is offering up to 1 million frequent-flier miles to anyone who can find bugs in its public technology systems, including those that safeguard passengers’ personal information.
“At United, we take your safety, security and privacy seriously,” United said in a posting on its website.
“We are committed to protecting our customers’ privacy and the personal data we receive from them, which is why we are offering a bug bounty program — the first of its kind within the airline industry. … If you think you have discovered a potential bug that affects our websites, apps and/or online portals, please let us know. If the submission meets our requirements, we’ll gladly reward you for your time and effort.”
People who discover a bug with high severity, such as remote code execution, could receive 1 million award miles in the airline’s MileagePlus program. Medium severity bugs receive 250,000 miles, and low severity bugs get 50,000 miles, according to a chart on united.com.
United outlines on the site the types of bugs that are eligible for submission. Only the first eligible person — United calls them “researchers” — can receive the awards.
United will not accept bugs associated with onboard systems, such as its Wi-Fi, entertainment or avionics.
A United spokesman confirmed the bug bounty program began this week, but said he had no information beyond what is listed on the website.
Copyright © 2015, Chicago Tribune