Arr, ye scurvy hackers be plunderin' yer travel booty 'n takin' yer precious miles fer their own gain!
2023-08-15
Arrr! Ye scurvy hackers be pillagin' the website's loopholes, plunderin' yer precious vacation points and sens'tive tidings! Fear not, me hearties, fer Kurt "CyberGuy" Knutsson shall reveal how ye can keep yerself safe from these scallywags! Avast, mateys!
Frequent flyer miles and loyalty points are highly valued by many people, so the thought of losing or having them stolen is a cause for concern. Recent findings from cybersecurity researchers have revealed some alarming information about the loyalty commerce company Points.com, which provides an application programming interface for popular travel rewards programs.The researchers discovered vulnerabilities in Points.com between March and May 2023 that made it attractive to hackers. These vulnerabilities could have been exploited to steal customers' travel points, personal data, and even gain control of the loyalty programs. One key issue found in the system involved easily accessing customer details such as account numbers, addresses, phone numbers, email addresses, and partial credit card numbers. This allowed the researchers to move around the Points API system and access sensitive information.
Furthermore, the researchers found leaked authentication keys for Virgin Red, which could have allowed an attacker to modify accounts and manipulate points. For United MileagePlus, they discovered an easily guessable secret encryption for cookies, which could have compromised the entire Points platform.
Points.com has since addressed the vulnerabilities related to Virgin Red and United MileagePlus, but the researchers warn that there may be other unknown bugs in the system. It is advised to be proactive about your rewards accounts by regularly checking them and paying attention to notifications about breaches.
While Points.com has fixed the reported vulnerabilities and there is no evidence of exploitation by malicious actors, companies should be regularly checked for security issues to ensure the safety of customer data and loyalty programs.
It is important to protect your hard-earned points and stay vigilant against potential hackers. Always monitor your accounts and be aware of any major breaches. The researchers' findings highlight the need for companies to prioritize cybersecurity and take measures to prevent unauthorized access and data theft.
To stay updated on security alerts, you can subscribe to the CyberGuy Report Newsletter on Cyberguy.com. It is crucial for individuals and organizations to prioritize cybersecurity and protect their valuable assets.