He used part of the windfall to fly to Vegas for a hacker conference.
Olivier Beg, a 19-year old security researcher based in the Netherlands, flew to Las Vegas for hacker conferences this week using part of a bounty of 1,000,000 million frequent flyer miles he earned from United Airlines as part of a challenge to help the company fix security flaws on its website.
As first reported by the Netherlands Broadcasting Foundation and ZDNet, the Vegas trip only cost Beg 60,000 miles and 5 euros for airport taxes.
United Airlines’ bug bounty program will reward hackers with 1 million miles for remote code execution, 250,000 miles for medium-severity bugs, and 50,000 miles for low-severity issues.
Beg reported 20 separate security flaws to United. The largest single reward he earned was 250,000, but in total he collected 1 million miles.
The teenager began hacking companies to expose security flaws when he was 13 years old and eventually discovered flaws in the code for Facebook and Paypal, earning him $5,000. Beg’s LinkedIn page lists “ethical hacker” as his most endorsed skill. He currently works as the head researcher for cybersecurity firm Zerocopter.
Since United’s initiative was launched last year, a number of hackers have earned its top prize, including Kyle Lovett, a security penetration tester at Cisco Systems. To date, United is the only U.S. airline to offer a bug bounty. Major car companies offer their own bug-crushing rewards including General Motors, Fiat Chrysler, and Tesla, and earlier this year, the Pentagon and Apple both announced hacking-for-bounty programs.