Editing United Airlines (section)

=== Cyber security issues ===
United awarded airline miles as "[[Bug bounty program|bug bounties]]" to hackers who could identify gaps in the carrier's web security. Two hackers have each been rewarded with 1 million miles of air travel as of July 15, 2015. This cybersecurity program was announced a few weeks after the company experienced two software glitches. The first incident delayed 150 United flights on June 2 due to a problem with its flight dispatching system. Six days later, United's reservation system delayed flights by not allowing passengers to check-in. In addition to the "bug bounty" program, United said it tests systems internally and engages cybersecurity firms.<ref>{{Cite news |last=Dastin |first=Jeffrey |date=July 16, 2015 |title=United Airlines awards hackers millions of miles for revealing risks |work=Reuters |url=https://www.reuters.com/article/us-cybersecurity-airmiles-idUSKCN0PQ0A320150716 |url-status=live |access-date=July 16, 2015 |archive-url=https://web.archive.org/web/20151201061034/http://www.reuters.com/article/2015/07/16/us-cybersecurity-airmiles-idUSKCN0PQ0A320150716 |archive-date=December 1, 2015}}</ref><ref>{{Cite news |last=Bogage |first=Jacob |date=July 16, 2015 |title=Why United Airlines is rewarding hackers with millions of free miles |newspaper=The Washington Post |url=https://www.washingtonpost.com/blogs/the-switch/wp/2015/07/16/why-united-airlines-is-rewarding-hackers-with-millions-of-free-miles/ |url-status=live |access-date=July 16, 2015 |archive-url=https://web.archive.org/web/20150721224708/https://www.washingtonpost.com/blogs/the-switch/wp/2015/07/16/why-united-airlines-is-rewarding-hackers-with-millions-of-free-miles/ |archive-date=July 21, 2015}}</ref>

In July 2019, security researcher Sam Jadali exposed a catastrophic data leak known as [[DataSpii]], involving clickstream data provider DDMR and marketing intelligence company Nacho Analytics (NA).<ref>{{Cite web |last=Goodin |first=Dan |date=2019-07-18 |title=My browser, the spy: How extensions slurped up browsing histories from 4M users |url=https://arstechnica.com/information-technology/2019/07/dataspii-inside-the-debacle-that-dished-private-data-from-apple-tesla-blue-origin-and-4m-people/ |access-date=2024-03-04 |website=Ars Technica |language=en-us |archive-date=February 27, 2024 |archive-url=https://web.archive.org/web/20240227070343/https://arstechnica.com/information-technology/2019/07/dataspii-inside-the-debacle-that-dished-private-data-from-apple-tesla-blue-origin-and-4m-people/ |url-status=live }}</ref> NA granted its members access to real-time data, including the ability to observe United Airlines passengers checking into their flights through the United website.<ref>{{Cite web |title=DataSpii Impacted Companies |url=https://securitywithsam.com/dataspii-impacted-companies/ |access-date=2024-03-04 |website=Security with Sam |language=en-US |archive-date=February 19, 2024 |archive-url=https://web.archive.org/web/20240219195101/https://securitywithsam.com/dataspii-impacted-companies/ |url-status=live }}</ref> The Washington Post highlighted how DataSpii resulted in the dissemination United passenger information including last names and flight confirmation numbers.<ref>{{Cite news |last=Fowler |first=Geoffrey A. |date=2019-07-19 |title=Perspective {{!}} I found your data. It's for sale. |url=https://www.washingtonpost.com/technology/2019/07/18/i-found-your-data-its-sale/ |access-date=2024-03-04 |newspaper=Washington Post |language=en-US |issn=0190-8286 |archive-date=July 18, 2019 |archive-url=https://web.archive.org/web/20190718150650/https://www.washingtonpost.com/technology/2019/07/18/i-found-your-data-its-sale/ |url-status=live }}</ref> The disseminated data also enabled the viewing of United customers' current geographic locations as they checked into their flights via the United website.<ref>{{Cite web |last=Jadali |first=Sam |date=2019-07-18 |title=DataSpii - A global catastrophic data leak via browser extensions |url=https://securitywithsam.com/2019/07/dataspii-leak-via-browser-extensions/ |access-date=2024-03-04 |website=Security with Sam |language=en-US |archive-date=July 18, 2019 |archive-url=https://web.archive.org/web/20190718122051/https://securitywithsam.com/2019/07/dataspii-leak-via-browser-extensions/ |url-status=live }}</ref> DataSpii harvested data from millions of Chrome and Firefox users through compromised browser extensions, exploiting United's method of embedding personally identifiable information (PII) directly within the URLs. Jadali's investigation revealed that DDMR facilitated rapid dissemination of this data to additional third parties, often within minutes of acquisition, endangering the privacy of the sensitive data collected.<ref>{{Cite web |last=Goodin |first=Dan |date=2019-07-18 |title=More on DataSpii: How extensions hide their data grabs—and how they're discovered |url=https://arstechnica.com/information-technology/2019/07/dataspii-technical-deep-dive/ |access-date=2024-03-04 |website=Ars Technica |language=en-us |archive-date=February 27, 2024 |archive-url=https://web.archive.org/web/20240227065448/https://arstechnica.com/information-technology/2019/07/dataspii-technical-deep-dive/ |url-status=live }}</ref>