

"We are committed to providing our customers secure access to their accounts, and we fixed this issue.

But Dahan's experience highlights the stark reality of "white hat hacking" - that some companies still find it difficult to embrace unknown researchers finding flaws in their networks.

After CNBC contacted United Airlines, the company fixed the security hole.

Last week, one of Google's security chiefs told CNBC that companies should "respect" hackers that break into their networks and pay them.

Essentially, Dahan found a way to spam a person's account with incorrect passwords and lock them out.

The security flaw discovered by Dahan enabled hackers to write code that would block many of United Airlines' MileagePlus customers' accounts.

"I told them that I found the vulnerability, but I didn't get any response so I decided to escalate this issue to the media."

"It was around two weeks ago and I didn't get any reply from the bug bounty program from the dedicated email address and I decided to reach out to employees from United using LinkedIn," Dahan, who runs his own research firm called Turrisio Cybersecurity, told CNBC by phone.

So he was surprised when, two weeks later, he had still not received a response from the company.

Dahan - a so-called "ethical hacker" who finds security holes at a company and tells them about it - was especially shocked because United Airlines had recently launched a program which rewards security researchers with air miles for finding security flaws in its network.

When Israeli researcher Yosi Dahan told United Airlines that he had found a security flaw in its website, he thought the company would be quick to act.
