The airline, in an effort to ramp up its web security, offered “bug bounties” to hackers who uncovered cyber risks within its systems. United wants helpful hackers to find the weaknesses before malicious ones do.

United (UAL) first announced the program in May and told Reuters on Thursday that it has twice paid out its maximum award worth 1 million miles to individuals who flagged security flaws. One million miles can be cashed in for dozens of free domestic flights on the airline.

To receive the free miles, hackers must be the first to discover a bug and notify United of it, according to the airline’s website.

Jordan Wiens, who researches cyber vulnerabilities, tweeted last week that he was the recipient of one of the 1 million mile awards.

Wow! @united really paid out! Got a million miles for my bug bounty submissions! Very cool. pic.twitter.com/CEclmhmyUq

— Jordan Wiens (@psifertex) July 10, 2015