Booking.com flaw allows full account takeover

Salt Labs researchers identified vulnerabilities which could have enabled attackers to take over users’ accounts

Mar 3, 2023

Flaws in the authorization system of the Booking.com website could have allowed attackers to take over user accounts and gain full visibility into their personal or payment-card data, as well as log in to accounts on the website's sister platform, Kayak.com, researchers have found.

Salt Security disclosed the issues to Booking.com, which the researchers lauded for responding quickly to address and completely mitigate them. There was no evidence of compromise to the Booking.com platform before the issues were resolved, Booking.com said in a statement provided by Salt Security.
