A travel service, integrated into many airline service providers, carried a security flaw
This could be abused to log into people’s accounts and change their bookings
It has since been reported and mitigated
A “popular, top-tier” travel service for hotel and car rentals was vulnerable to a flaw which allowed malicious actors to take over anyone’s account, a new report from API security firm Salt Labs has claimed.
By abusing the flaw, they would be able to book hotel rooms, rent cars, and modify any booking information, easily. To make matters worse, since the service is integrated into “dozens” of commercial airline online services, it would also allow miscreants to spend airline loyalty points, and more.