United is serious about squashing security bugs on its website and in its mobile apps. How serious? So serious that they are offering a bounty of up to 1 million MileagePlus miles to anyone who reports a problem.
50,000 miles for reporting cross-site scripting, cross-site request forgery, or third-party issues that affect United
250,000 miles for reporting authentication bypass, brute-force attacks, potential personally identifiable information disclosure, or timing attacks
1 million miles for reporting a remote code execution
If most of those security-issue descriptions sound like high-tech gobbledygook, you're not alone. I'm a long-time web publisher and I'd be hard pressed to explain what half of the above terms refer to.
Don't let your lack of a coding or Internet security background deter you, however. If you encounter an online issue, report it to United. It couldn't hurt, and it might just earn you a mileage windfall.
And do it sooner rather than later. Only the first report of a particular bug will be rewarded.
Reader Reality Check
Have you taken advantage of this opportunity to earn miles?
