SiliconAngle reports that Booking Holdings' online travel agency Booking.com had several critical security flaws within its implementation of the OAuth functionality, which could be leveraged to achieve widespread account takeovers and server breaches.
Despite no evidence suggesting the exploitation of OAuth misconfigurations to access Booking.com customer accounts, such access could have facilitated complete user account control and the compromise of sensitive user data, including personal identifiable information, according to a report from Salt Security's Salt Labs research team.