August 29, 2024 at 03:45PM
Top travel and hospitality companies face serious security vulnerabilities, exposing customers to potential risks. An investigation by security vendor Cequence revealed significant flaws in major booking sites including Orbitz, Kayak, Skyscanner, and Travelocity, with 91% containing the most serious vulnerabilities and potential for man-in-the-middle attacks. Cloud infrastructure issues and PCI DSS v4.0 compliance are imminent concerns.
According to the investigation, the top 10 travel and hospitality companies have serious security vulnerabilities in their public-facing cloud infrastructure, exposing customers to potential security risks. The vulnerabilities stem from cloud infrastructure issues, misconfigurations, and cloud sprawl. The researchers also emphasized the threat of man-in-the-middle attacks, the potential risks for consumers, and the negative impact on businesses.
Certain companies, such as Orbitz and Travelocity, were noted to have relatively safer online booking systems and fewer vulnerabilities in their public-facing applications. The findings also highlighted the upcoming PCI DSS v4.0 security standard, which will impact online credit card safety and require companies to ensure compliance by April 2025. Moreover, the busy winter-travel season is expected to invite potential DDoS attacks.
In summary, the findings underscore the urgent need for travel and hospitality companies to address the identified security vulnerabilities, prepare for upcoming security standards, and bolster their online booking systems for consumer safety.