Security experts warn that a number of flaws in the well-known airline and hotel rewards platform points.com could have given attackers access to user data.
Points.com serves as the backend for numerous hotel and airline loyalty programs and functions as a market for trading and repurchasing loyalty points. These flaws might have given attackers access to a global administrator website, granting them the ability to issue points, manage loyalty programs, and carry out various administrative tasks. They might even have allowed them to transfer points between accounts.
An unauthenticated HTTP path traversal bug that could have been used to gain access to an internal API and expose a database of 22 million order records was discovered and reported to points.com by security researchers in early March.
Read More: Points.com Vulnerabilities Allowed Customer Data Theft, Rewards Program Hacking
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.