Vulnerability Disclosure Program
Welcome to the Aegean Airlines Vulnerability Disclosure Program.
The protection of our passengers, employees, and services remains our top priority. We highly value the contribution of security researchers and the broader cybersecurity community in strengthening our systems and maintaining a secure digital environment.
By responsibly sharing potential security vulnerabilities, you help us ensure the protection of the millions of travelers who rely on Aegean Airlines. We truly appreciate your efforts and collaboration in enhancing aviation security.
If you have identified a valid security issue affecting any Aegean Airlines website, system, or service, we encourage you to submit a detailed report through HackerOne, following the guidelines provided. Please include clear steps to reproduce the issue and, where possible, a proof of concept.
Thank you for your support in helping us keep Aegean Airlines systems secure, robust, and dependable.
Overview
Last updated on May 18, 2026.
If you believe you have identified a valid security vulnerability in any Aegean Airlines product, service, or website, please submit your findings through HackerOne in accordance with the guidelines outlined below.
Program Rules
When conducting security research, you must adhere to the following principles:
- All vulnerabilities must be reported exclusively via the HackerOne platform. Submissions through any other channels will not be considered.
- Participation is not permitted for employees, contractors, or individuals currently engaged in a professional relationship with Aegean Airlines or its affiliates.
- Public disclosure of any vulnerability is strictly prohibited without prior written authorization from Aegean Airlines.
- Testing must be limited to what is necessary to confirm the existence of a vulnerability. Avoid any activity that could cause disruption or harm.
- Do not modify, delete, or access data.
- Data exfiltration attempts are strictly forbidden under any circumstances.
- If sensitive or personal data is accessed unintentionally, immediately stop testing and report the issue through HackerOne.
- Only interact with accounts that you own or have explicit permission to use.
- Do not attempt to use a vulnerability to access additional systems or escalate privileges beyond scope.
- Denial of Service (DoS) testing is not allowed.
- Social engineering attacks (including phishing, vishing, and smishing) are strictly prohibited.
- Physical intrusion attempts targeting Aegean facilities or infrastructure are not permitted.
- Respect the privacy, safety, intellectual property, and business operations of Aegean Airlines and third parties.
- Reports must include clear, reproducible steps and, when applicable, a proof-of-concept.
- Submit one vulnerability per report unless chaining is required to demonstrate impact.
- Multiple issues caused by the same root vulnerability will be treated as a single report.
- In case of duplicate submissions, only the first valid report will be reviewed.
- Avoid submitting large volumes of low-quality or incomplete reports.
- If you are unsure about your testing approach, pause and contact the security team via HackerOne.
Testing
- While you're welcome to create accounts where they are available, we ask that you use your HackerOne alias when doing so. You can find instructions on how to find your alias here: https://docs.hackerone.com/en/articles/8404308-hacker-email-alias
- We're unable to provide account licenses or refund expenses incurred during testing.
Session Layer: HTTP Headers
Researchers should add headers to requests such as:
- "X-HackerOne-Research: [H1 username]"
Responsible Disclosure
Aegean Airlines supports responsible disclosure and asks that researchers:
- Submit all findings directly through HackerOne
- Provide timely, accurate, and actionable information to allow efficient remediation
- Act professionally and ethically at all times
- Refrain from any public disclosure unless explicitly authorized in writing
Reports should include sufficient supporting material such as proof-of-concept code, screenshots, or logs. Submissions categorized as Spam, Informational, or Not Applicable will not be eligible for disclosure.
Disclosure Policy
- Do not share or discuss any vulnerability details, including resolved issues, without explicit permission from Aegean Airlines.
- Follow HackerOne's disclosure guidelines at all times.
Additional Rules
- Ensure all reports are detailed and reproducible.
- Submit one vulnerability per report unless chaining is required.
- Duplicate reports: only the first valid submission will be triaged.
- Multiple findings caused by a single root issue will be treated as one.
- Social engineering is strictly prohibited.
- Make every effort to avoid privacy violations, data loss, or service disruption.
- Interact only with accounts that you own or are authorized to use.
Thank you for helping keep Aegean Airlines and our users safe!