This alert may not be shared outside your organization. Do not repost it, place it on other websites or list servers, or send it to others via email, including other associations or parties. For members and law enforcement use only. Contact us for any permissions. To do otherwise will result in the loss of membership.


03/05/2023

Critical Vulnerabilities Allowed Booking.com Account Takeover

Security Week

The issues were identified by API security firm Salt Security and reported to Booking.com in early December 2022. Patches were rolled out in the next few weeks and Salt Security disclosed technical details on Thursday.

The vulnerabilities found by Salt Security researchers centered around the way Booking.com implemented OAuth, the authorization standard used by many online services to allow customers to sign in with their Google or Facebook accounts.

In the case of Booking.com, the flaws were related to the OAuth integration with Facebook. An attacker could have exploited these weaknesses to take complete control of a user’s account, obtain their personal information from their Booking account, and perform actions on the victim’s behalf, such as canceling or booking reservations and ordering transportation services.
