The American aviation giant, United Airlines, have taken a radical step to ensure their business security I as protected as possible. It was announced yesterday that the company has rewarded a number of internet hackers with millions of air miles for highlighting vulnerabilities in their web security. The hacker didn’t even attack them!
UA provided 1 million air miles to 2 would be attacker but this is not where the story ends as a number of other would be assailants came forward on Twitter to announce that they have also been paid by the airline (albeit with smaller rewards) for pointing out other frailties within their systems.
This is not a necessarily new phenomenon but it is one of the most public confessions regarding this sort of activity and as far as we are aware a first in the airline industry. It is often rumoured that this sort of activity happens far more than we would ever imagine.
Is this what we should be doing? Rewarding potential hackers to head them off before they create serious damage or does this set a dangerous precedent which could lead to blackmail or being held to ransom?