Tech

Millions of airline customers possibly affected by OAuth security flaw

Share
Share


  • A travel service, integrated into many airline service providers, carried a security flaw
  • This could be abused to log into people’s accounts and change their bookings
  • It has since been reported and mitigated

A “popular, top-tier” travel service for hotel and car rentals was vulnerable to a flaw which allowed malicious actors to take over anyone’s account, a new report from API security firm Salt Labs has claimed.

By abusing the flaw, they would be able to book hotel rooms, rent cars, and modify any booking information, easily. To make matters worse, since the service is integrated into “dozens” of commercial airline online services, it would also allow miscreants to spend airline loyalty points, and more.

Share

Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Articles
Singapore turns skyscraper into a 250-million pixel canvas with projections that broke three world records
Tech

Singapore turns skyscraper into a 250-million pixel canvas with projections that broke three world records

Singapore’s skyline becomes a glowing canvas celebrating both national history and brand...

AMD’s budget server CPU just destroyed its old flagship, almost 3X faster and shockingly efficient
Tech

AMD’s budget server CPU just destroyed its old flagship, almost 3X faster and shockingly efficient

Benchmarks show AMD’s new EPYC 4005 series outperforming older eight-channel EPYC 7601...

This rugged Samsung tablet offers 8 years of Android updates and dual hot-swappable batteries
Tech

This rugged Samsung tablet offers 8 years of Android updates and dual hot-swappable batteries

Samsung’s rugged tablet built for frontline industries has dual batteries and 5G...