Most people are familiar with email scams and hoaxes that promise financial or travel rewards for liking Facebook pages or similar activity. Very occasionally, however, such offers are genuine – as in the case of the man who found two bugs on an airline website and was rewarded with a million free miles.
A million free miles, as Britain’s Daily Mail pointed, out is equivalent to eight first class round-trip flights between the US and Europe – quite convenient as the recipient of the airline’s largesse lives in Florida.
The carrier concerned is United Airlines, which two months ago launched a “bug bounty” program, under which any computer programmer or researcher who can find bugs or flaws in the airline’s website or app becomes eligible for reward. It can be cheaper for airlines than hiring an outside researcher.
“If you think you have discovered a potential security bug that affects our websites, apps and/or online portals, please let us know,” the site reads. “If the submission meets our requirements, we’ll gladly reward you for your time and effort.”
To qualify, the bugs have to be computer security bugs, not real bugs, like bedbugs or weevils.
The bug bounty works for the airline, as hackers and unscrupulous people can exploit such bugs and flaws to rip off the system. The speed of social media means that any hacker discovering a vulnerability can disseminate their findings around the world in minutes.
Jordan Wiens, who owns a security company, sent United what he described as a couple of “lame” glitches, and found to his delight that he qualified for the airline’s biggest payout, My Fox Tampa Bay reported.
Wiens is sworn to secrecy but tech sites suggest he uncovered a “remote code execution bug”, which could have let a hacker inject code into a program and run it.
Wiens is now planning a trip to Hawaii with his family, and they are unlikely to be flying economy class.
Written by Peter Needham