"OAuth Vulnerabilities on Booking.com Could Have Resulted in Account Takeovers"

Salt Security has revealed new threat research highlighting critical security vulnerabilities discovered on the website of Booking Holdings, a popular hotel booking service. The flaws stem from how the site's designers implemented the Open Authorization (OAuth) social-login feature, potentially exposing users who log into the site through their Facebook accounts. The OAuth misconfigurations could have enabled large-scale customer account takeovers and server compromise. Although there is no evidence that malicious actors have already exploited the OAuth misconfigurations to gain access to customer accounts, such access could have had serious effects. Had threat actors gained access, they could have manipulated platform users to gain complete control over user accounts and stolen Personally Identifiable Information (PII) and other sensitive user data stored by Booking.com. They could also have carried out actions on the user's behalf, such as booking or canceling reservations and ordering transportation. This article continues to discuss the critical security vulnerabilities discovered on the popular Booking Holdings website.

SiliconANGLE reports "OAuth Vulnerabilities on booking.com Could Have Resulted in Account Takeovers"
