United Airlines Bug Bounty Program Could Reward You With Up to One Million Miles

I f the official Internet web site of United Airlines does not work properly, you now could be part of the reason if you did not act upon the new Bug Bounty program from which you could earn up to one million MileagePlus frequent flier loyalty program miles, pardner.

The Bug Bounty program — which is considered as an “experimental and discretionary reward program” — is an innovative idea which is indeed the first of its kind in commercial aviation which could potentially further bolster security and allow United Airlines to continue to provide excellent service; but to ensure that submissions and payouts are fair and impactful, the following eligibility requirements and guidelines apply to all researchers who submit bug reports:

All bugs must be new discoveries. Award miles will be provided only to the first researcher who submits a particular bug.
The researcher must be a MileagePlus member in good standing. If you’re not yet a member, join the MileagePlus program now.
The researcher must not reside in a country currently on a United States sanctions list.
The researcher submitting the bug must not be an employee of United Airlines, any Star Alliance member airline or any other partner airline, or a family member or household member of an employee of United Airlines or any partner airline.
The researcher submitting the bug must not be the author of the vulnerable code.

Bugs Which are Eligible for Submission

Authentication bypass
Bugs on customer-facing Internet web sites such as:
- united.com
- beta.united.com
- mobile.united.com
Bugs on the United Airlines mobile software application program
Bugs in third-party programs loaded by united.com or its other on-line properties
Cross-site request forgery
Cross-site scripting — also known as XSS
Potential for information disclosure
Remote code execution
Timing attacks that prove the existence of a private repository, user or reservation
The ability to brute-force reservations, MileagePlus numbers, PINs or passwords

Bugs Which are Not Eligible for Submission

Bugs that only affect legacy or unsupported browsers, plugins or operating systems
Bugs on internal sites for United employees or agents — not customer-facing
Bugs on partner or third-party websites or apps
Bugs on onboard Wi-Fi, entertainment systems or avionics
Insecure cookie settings for non-sensitive cookies
Previously submitted bugs
Self-cross-site scripting

Bounty Payout Structure

The chart shown below is the bounty payout structure, which is based on the severity and impact of bugs:

Severity	Examples	Maximum Payout
High	Remote code execution	1,000,000 MileagePlus miles
Medium	Authentication bypass Brute-force attacks Potential for personally identifiable information — or PII— disclosure Timing attacks	250,000 MileagePlus miles
Low	Cross-site scripting Cross-site request forgery Third-party issues which affect United Airlines	50,000 MileagePlus miles

How to Submit

If you think you have discovered an eligible bug, United Airlines is interested in working with you to resolve the issue — but you should follow these four steps:

Please send an e-mail message to bugbounty@united.com and include “Bug Bounty Submission” in the subject line.
Within the body of the e-mail message, please describe the nature of the bug along with any steps required to replicate it — as well as pertinent applications, programs or tools used to discover the bug.
Include your legal name, MileagePlus membership account number, and telephone number with your submission.
A drafted report including legible screenshots is greatly appreciated.

Summary

Yup — so tilt that ten-gallon hat of yers and consider yerself deputized by this grand ol’ company which conducts a significant portion of its business in Texas, pardner. Discover and report those issues which affect the confidentiality, integrity or availability of customer or company information — and you could be rewarded handsomely for being the first to discover a bug, as you ride off into the sunset with your bounty of MileagePlus miles…

Who needs pudding when you can earn a mint from coins?

…but also realize that many other terms and conditions apply pertaining to your participation in the Bug Bounty program; so approach your varmint with caution…

…and for the record, I believe that other frequent travel loyalty programs should implement similar programs to improve stability and security of their Internet web sites and stored sensitive information; and perhaps compromises and breaches — such as the ones with Starwood Preferred Guest, Hyatt Gold Passport, British Airways Executive Club, Hilton HHonors and other frequent travel loyalty programs — could be mitigated or even eventually eliminated.

Te Anau in New Zealand

Ornate Streetlights in Barcelona. Sunday Morning Photograph.

The Catch in Longview in Texas. Restaurant Review.

Save 50% on Hilton Honors Points With Daily Getaways — April 15, 2024

Annual Daily Getaways Deals 2024 Start April 15 — Preview Some Deals Now

Miles and Points On Sale — April 12 2024

Te Anau in New Zealand

The Catch in Longview in Texas. Restaurant Review.

Visiting Endangered Historic Brooklyn — In Illinois

Second Total Solar Eclipse Flight Added on April 8, 2024 — But…

Chase This Total Solar Eclipse by Airplane on April 8, 2024

2 Reasons Why Paying in Advance May Be a Good Idea

What Is Wrong With This Photograph? Part 244

What Is Wrong With This Photograph? Part 243

236 Brands. 9 Lodging Companies. Interactive List. April 2024.

Protesters Blocking Access Roads to Airports: What Should Be Done About Them?

Three New Ridiculous Mandatory Lodging Fees

Should Travel Benefits For Military Personnel Be Improved?

Protesters Blocking Access Roads to Airports: What Should Be Done About Them?

Zone Number Boarding to Return in May 2024 to Delta Air Lines

Three New Ridiculous Mandatory Lodging Fees

Miles and Points On Sale — April 12 2024

Your Chance to Play Football With a Professional Football Player Through Hilton Honors

Miles and Points On Sale — April 5 2024