Marriott Android App Exposes Customer Credit Card Data To Hackers

Software developer Randy Westergren has discovered a critical privacy vulnerability in the Marriott Android app that allows attackers to steal customer information, including credit card data.

Westergren found that the app sent requests to fetch reservations without any authentication, requiring only a membership ID number. That means an attacker could steal reservation information and check-in times using nothing more than a membership ID number.


Since Marriott's website requires only a last name and reservation number to log in, an attacker could steal personal information, including addresses and the last 4 digits of credit card numbers.
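The missing check described above, shown as an added example that is not Marriott's code or part of the original report: a reservation lookup that trusts the caller-supplied membership ID, beside one that requires a valid session bound to that same member. The function names, token format and sample records are all constructed for illustration.

```python
# Added illustration; every name and record here is constructed, not Marriott's API.
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # per-process key used to sign session tokens

# Constructed sample data: membership ID -> reservations
RESERVATIONS = {
    "100001": [{"reservation": "R-1", "last_name": "Doe", "check_in": "2015-02-01"}],
    "100002": [{"reservation": "R-2", "last_name": "Roe", "check_in": "2015-02-03"}],
}

def _sign(membership_id):
    return hmac.new(SERVER_KEY, membership_id.encode(), hashlib.sha256).hexdigest()

def issue_token(membership_id):
    """Issued only after the member has logged in (the login step is out of scope)."""
    return f"{membership_id}.{_sign(membership_id)}"

def authenticated_member(token):
    """Return the membership ID bound to a valid token, else None."""
    if not token or "." not in token:
        return None
    member, mac = token.rsplit(".", 1)
    # Constant-time comparison of the presented MAC against the expected one.
    if hmac.compare_digest(mac.encode(), _sign(member).encode()):
        return member
    return None

def get_reservations_vulnerable(membership_id):
    """The flaw as described: the caller-supplied ID is the only thing checked."""
    return 200, RESERVATIONS.get(membership_id, [])

def get_reservations_hardened(membership_id, token=None):
    """Require a valid session, and require that it belongs to the requested member."""
    member = authenticated_member(token)
    if member is None:
        return 401, []  # no session or forged token
    if member != membership_id:
        return 403, []  # logged in, but asking for someone else's data
    return 200, RESERVATIONS.get(membership_id, [])
```
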

Marriott fixed the vulnerability as soon as he reported it.
