Security researcher Jordan Wiens will be flying after submitting a security flaw to the United Airlines bug bounty program, launched in May, and receiving one million air miles as a reward.

Wiens discovered a remote code execution (RCE) flaw in May, according to ZDNet, that If left unchecked could allow an attacker to have unauthenticated access to entry systems to inject malware and other disruptive applications. The airline verified the vulnerability and Wiens received his prize roughly two months later.

The United program offers rewards for security flaws which impact the “confidentiality, integrity and/or availability of customer or company information” of client-facing websites and third-party sites used by the airline. Depending on the severity of the flaw, bounty hunters can earn between 50,000 and 1,000,000 miles for each vulnerability they discover.