A security flaw in United Airlines’ website may have exposed ticket information for customers who requested a refund, according to a new report from TechCrunch.
The bug caused the website to not validate a user’s last name when checking their refund status. That made it possible to access other travelers’ refund information simply by changing the ticket number, TechCrunch reported.
Like many airlines, United’s website allows users to check their refund status by entering their ticket number and last name. It was not immediately clear whether another user’s information could be viewed without knowing their full ticket number.
IT security expert Oliver Linow discovered the bug and told TechCrunch that the security hole allowed him to see traveler names, payment type, currency used, and the refund amount. It was not clear whether any more sensitive information was visible.
Linow said that he reported the bug to United in July, and that it took the airline more than a month to fix it. He tweeted that he estimates that 100,000 user records were visible, possibly more.
Companies doing business in the European Union are subject to steep fines for failing to protect user privacy — it was not clear whether the bug affected European versions of United’s site, nor whether the bug was something that could subject United to penalties.
A spokesperson for United told Business Insider that the airline was looking into the report, but that he did not believe that any sensitive information was visible.
Airlines have been inundated with refund requests during the coronavirus pandemic as travelers cancel preexisting plans due to border closures, quarantine requirements, or safety concerns.
However, airlines have been slow to issue refunds as they work to manage cash flow during the crisis, prompting the Department of Transportation to warn airlines about complying with cancellation rules.
View original article here Source
Blink Mini – Compact indoor plug-in smart security camera, 1080 HD video, night vision, motion detection, two-way audio, Works with Alexa – 1 camera
(65909)
Acer Aspire 5 Slim Laptop, 15.6 inches Full HD IPS Display, AMD Ryzen 3 3200U, Vega 3 Graphics, 4GB DDR4, 128GB SSD, Backlit Keyboard, Windows 10 in S Mode, A515-43-R19L, Silver
(21585)
amFilm Tempered Glass Screen Protector for Nintendo Switch 2017 (2-Pack)
(67044)
Echo Show 5 -- Smart display with Alexa – stay connected with video calling - Charcoal
(268024)
New Apple iPad (10.2-inch, Wi-Fi, 32GB) - Gold (Latest Model, 8th Generation)
(17527)
VELCRO Brand ONE-WRAP Cable Ties | 100Pk | 8 x 1/2" Black Cord Organization Straps | Thin Pre-Cut Design | Wire Management for Organizing Home, Office and Data Centers
(21027)
SUPERDANNY USB Surge Protector Power Strip Mountable Extension Cord Multiple Protection 5 Outlet 3 USB Port with Hook & Loop Fastener for iPhone iPad PC Home Office Travel Black
(14582)
Apple Watch Series 3 (GPS, 38mm) - Silver Aluminum Case with White Sport Band
(99250)
Fujifilm Instax Mini Instant Film Twin Pack (White)
(48106)
Fire TV Stick 4K streaming device with Alexa Voice Remote | Dolby Vision | 2018 release
(488011)Amazon Auto Links: Could not resolve the given unit type, . Please be sure to update the auto-insert definition if you have deleted the unit.