Georgia Institute of Technology student Ryan Pickren used to get in trouble for hacking websites—in 2015, he hacked rival University of Georgia’s online calendar and almost spent 15 years in prison.
But now he’s being rewarded for his skills. Pickren participated in United Airlines’ Bug Bounty Program and earned 15 million United miles. At two cents a mile, that’s about $300,000 worth.
United’s white hat hacking program invites computer experts to legally hack their systems, paying up to 1 million United miles to hackers who can reveal major security flaws. At that rate, we can presume Pickren reported as many as 15 severe bugs.
The Points Guy noted that it’s potentially alarming that United’s systems “were so porous.”
Get Data Sheet, Fortune’s daily newsletter about technology
Pickren isn’t the only hacker who has recently discovered issues with the airline’s website: Last month, 19-year-old security researcher Olivier Beg earned 1 million frequent flyer miles by exposing 20 medium and low-severity issues (worth 250,000 and 50,000 frequent flyer miles, respectively).
The only drawback to all those free miles? Taxes. Having earned $300,000 of taxable income from the Bug Bounty Program, Pickren could owe the Internal Revenue Service tens of thousands of dollars.
He’s not keeping all of the miles, though: Pickren donated five million of them to Georgia Tech.
This article previously appeared on TravelandLeisure.com.