This alert may not be shared outside your organization. Do not repost or send it, place it on other websites or list servers, or send it to others via email, including other associations or parties. Members and law enforcement use only. Contact us for any permissions. To do otherwise will result in the loss of membership.

Critical Vulnerabilities Allowed Account Takeover

Security Week

The issues were identified by API security firm Salt Security and reported to Booking.com in early December 2022. Patches were rolled out in the next few weeks and Salt Security disclosed technical details on Thursday.

The vulnerabilities found by Salt Security researchers centered around the way Booking.com implemented OAuth, the authorization standard used by many online services to allow customers to sign in with their Google or Facebook accounts.

In the case of Booking.com, the flaws were related to the OAuth integration with Facebook. An attacker could have exploited these weaknesses to take complete control of a user’s account, obtain their personal information from their Booking account, and perform actions on the victim’s behalf, such as canceling or booking reservations and ordering transportation services.
