The world is huge

Don't miss any of it

Travel news, itineraries, and inspiration delivered straight to your inbox.

By proceeding, you agree to our Privacy Policy and Terms of Use.


United Offers Mileage Bounty for Bug Reports

United is serious about squashing security bugs on its website and in its mobile apps. How serious? So serious that they are offering a bounty of up to 1 million MileagePlus miles to anyone who reports a problem.

Under the airline’s so-called “bug bounty program,” MileagePlus members will be rewarded as follows:

  • 50,000 miles for reporting cross-site scripting, cross-site request forgery, or third-party issues that affect United
  • 250,000 miles for reporting authentication bypass, brute-force attacks, potential personally identifiable information disclosure, or timing attacks
  • 1 million miles for reporting a remote code execution

If most of those security-issue descriptions sound like high-tech gobbledygook, you’re not alone. I’m a long-time web publisher and I’d be hard pressed to explain what half of the above terms refer to.

Don’t let your lack of a coding or Internet security background deter you, however. If you encounter an online issue, report it to United. It couldn’t hurt, and it might just earn you a mileage windfall.

And do it sooner rather than later. Only the first report of a particular bug will be rewarded.

Reader Reality Check

Have you taken advantage of this opportunity to earn miles?

This article originally appeared on

We hand-pick everything we recommend and select items through testing and reviews. Some products are sent to us free of charge with no incentive to offer a favorable review. We offer our unbiased opinions and do not accept compensation to review products. All items are in stock and prices are accurate at the time of publication. If you buy something through our links, we may earn a commission.

Top Fares From