A couple of hackers who helped expose security vulnerabilities in the United Airlines website have been awarded 1 million frequent flyer miles each, Reuters reported.
While the reward is equivalent to dozens of domestic flights, Reuters notes in its coverage of the incident that the cost is likely significantly less than it would cost the airline to hire an outside security consulting firm.
The Christian Science Monitor reports that the awarded frequent flyer miles are the most that the company can give out as part of its new “bug bounty” scheme in which it compensates hackers who private disclose security vulnerabilities instead of exploiting them like the hackers who broke into Lufthansa and stole frequent flyer miles.
Deutsche Lufthansa AG, which is the largest airline in Europe, had its customer database breached by cyber criminals who sought to capitalize on the company’s cyber-security vulnerabilities in order to obtain vouchers and redeem awards.
Earlier this year, the Government Accountability Office (GAO) reported that the Federal Aviation Administration’s computer systems exhibit “significant security control weaknesses” which threaten the agency’s ability to ensure the safety and uninterrupted operation of the national airspace.
Senator Charles “Chuck” Schumer called for a federal investigation into airlines on Sunday as he alleged airlines withholding flight data from discount sites such as Expedia and Orbitz could cost travelers $6 billion on an annual basis as a result of increased airfares.
For hackers interested in cashing in on the “bug bounty” scheme offered by United Airlines, exploits jeopardizing the confidentiality of customer information are rewarded with 250,000 miles and major flaws, such as remote code execution vulnerabilities, can earn a maximum of 1 million miles.
