United Airlines pays out millions of airmiles to hackers as part of 'bug bounty' programme

Two million-airmile awards have already been handed out since the bug bounty programme started in May

United Airlines has awarded millions of frequent flier miles to hackers who have uncovered and disclosed gaps in the company's security.

The airline told newswire Reuters that it had even paid out two awards worth one million airmiles each - the highest award that it hands out. Jordan Wiens, a cyber-vulnerabilities researcher, tweeted last week that he had received the one-million mile bug bounty for exposing a flaw that could have enabled hackers to take control of one of the airline's websites.

"It's really interesting that United did what they did," he said in an interview with the news wire. "There actually aren't that many companies in any industry outside of technology that do bug bounties".

United did not confirm tweets from other individuals who had claimed they had received smaller amounts of airmiles from the airline.

United decided to take the bug bounty approach in May after it was the victim of an attack that enabled thieves with stolen usernames and passwords to break into customer accounts at American Airlines and United Airlines. The thieves booked trips for themselves using people's frequent flier miles.

About 36 different accounts were affected, and United Airlines said that the stolen airmiles would be restored into users' customer accounts. But the organisation didn't hesitate in trying to ensure that the same kind of security slip-up wouldn't occur again, claiming that the bug bounty programme would "further bolster its security".

The rules of the programme state that the problem has to be brought to the attention of the airline without the person exploiting it. This is in order to ensure that the researcher does not know how much information he or she could have accessed or manipulated.