"Hackers Could Have Scored Unlimited Airline Miles by Targeting One Platform"

Travel rewards programs, such as those offered by airlines and hotels, highlight the benefits of joining their club as opposed to others. The digital infrastructure of many of these programs, including Delta SkyMiles, United MileagePlus, Hilton Honors, and Marriott Bonvoy, is built on the same platform. The infrastructure is provided by Points and its suite of services, which includes an expansive Application Programming Interface (API). However, new research published by a group of security researchers reveals vulnerabilities in the Points[.]com API that could have been exploited to expose customer data, steal customers' "loyalty currency" (miles), or even compromise Points global administration accounts in order to take control of entire loyalty programs. This article continues to discuss the potential exploitation and impact of the flaws found in the Points platform. 

Wired reports "Hackers Could Have Scored Unlimited Airline Miles by Targeting One Platform"