A prominent travel service used by several airlines recently faced a security vulnerability that could potentially allow unauthorized access to user accounts for booking changes. Salt Labs, an API security firm, reported that the flaw could be exploited to make hotel reservations and car rentals and to manipulate booking details. Because the service is integrated with multiple airline platforms, it also put millions of users at risk of loyalty-point misuse. Despite the wide impact, the affected service remains unnamed for security reasons.
This security threat involved stealing session cookies through a carefully orchestrated attack. By tricking users into clicking customized links and prompting them to log in with their airline credentials, criminals could obtain valuable session tokens. This technique, which leveraged the service's OAuth login flow, allowed bad actors to bypass standard security measures and slip under the radar. Salt Labs responsibly disclosed the issue to the service in question, prompting a swift resolution to reinforce user protection.