This alert may not be shared outside your organization, Do Not Repost or send, place on other websites, List servers, or send to others via email, including other associations or parties.  Members and Law enforcement use only. Contact us for any permissions.  To do otherwise will result in the loss of membership.

Complete Story


Account takeover attacks possible with vulnerabilities

SC Media

SiliconAngle reports that Booking Holdings' online travel agency had several critical security flaws within its implementation of the OAuth functionality, which could be leveraged to achieve widespread account takeovers and server breaches.

Despite no evidence suggesting the exploitation of OAuth misconfigurations to access customer accounts, such access could have facilitated complete user account control and the compromise of sensitive user data, including personal identifiable information, according to a report from Salt Security's Salt Labs research team.


Printer-Friendly Version



The FRPA alert system distinguishes us from other groups by gathering and providing information to law enforcement, retailers AND financial institutions.

more information


Your electronic library to help in fighting financial fraud for all of our partners.

more information