United Airlines pays out ‘bug bounties’ to clean up security gaps

United Airlines

Travelers gather at Los Angeles International Airport as United Airlines experienced computer problems on July 8, 2015.

(Aristomenis Tsirbas / Associated Press)

In a first for a U.S. carrier, United Airlines has paid out “bug bounties” to cybersecurity experts who found and exposed weaknesses in the airline’s website.

Two cybersleuths were each paid 1 million loyalty reward miles for uncovering gaps in the airline’s Web security.

The Chicago-based carrier announced it would pay out the bounty in May, a few weeks before the latest of several technical glitches grounded flights for nearly 90 minutes.

United officials say the “bug bounty” program was an idea that the airline borrowed from technology companies in Silicon Valley that also offer rewards to anyone who can identify cybersecurity gaps.


At United, the bounties are paid on a sliding scale based on the severity of the security gap, with 1 million reward miles paid to whoever can find an opening that allows someone to execute computer codes at the United website from a remote server.

That reward should pay for about three first-class round-trip tickets to Europe from the U.S.

To read more about travel, tourism and the airline industry, follow me on Twitter at @hugomartin.

Get our weekly California Inc. newsletter