Booking.com flaw allows full account takeover

Salt Labs researchers identified vulnerabilities that could have enabled attackers to take over users’ accounts

Mar 3, 2023

Flaws in the authorization system of the Booking.com website could have allowed attackers to take over user accounts and gain full visibility into their personal or payment-card data, as well as log in to accounts on the website's sister platform, Kayak.com, researchers have found.

Salt Security disclosed the issues to Booking.com, which researchers lauded for responding quickly to address and completely mitigate them. Moreover, there had been no evidence of compromise to the Booking.com platform before the issues were resolved, Booking.com said in a statement provided by Salt Security.

Get the full story at Salt
