United Airlines has given millions of miles to hackers

United Airlines has given millions of miles to hackers
© Getty Images

United Airlines has given out millions of frequent fliers miles to hackers who discovered security flaws in the company's system, Reuters reported.

The program, first announced in May, was launched amid growing fears that airlines, planes and the whole air traffic control system are sitting ducks for cyberattackers. So-called “bug-bounty” programs are common at major tech companies like Google, but United was the first airline to try such an approach to shoring up security.

ADVERTISEMENT

United said it has awarded at least two people 1 million miles each, which can be redeemed for dozens of free domestic flights.

One of the recipients, Jordan Wiens, tweeted last week that he had exposed a flaw that could have led to a remote takeover of United’s websites.

“It’s really interesting that United did what they did,” he told Reuters. “There actually aren’t that many companies in any industry outside of technology that do bug bounties.”

But United wants to get out ahead of the problem as evidence mounts that the airline industry is digitally vulnerable.

In recent weeks, both United and Polish airline LOT had to ground planes for hours after their computer systems went down. While United said the issue was merely a technical glitch, LOT acknowledged it had been hit by a digital assault from which the company said no airline was safe.

On another occasion, United’s check-in system went down, causing long lines and delays.

The Federal Aviation Administration (FAA) has acknowledged that serious cybersecurity concerns plague the industry.

In February, the agency itself admitted that hackers had spread malicious software through its systems. A government watchdog report also warned that cyber saboteurs could potentially disrupt U.S. flight routes.

In response, the FAA in June convened its first committee, made up of pilots and representatives from plane manufacturers and parts suppliers, to develop a set of cybersecurity protections for the industry.