Salt Security Uncovers API Security Flaws within Booking.com that Allowed Full Account Takeover - Issues have been Remediated
PALO ALTO, Calif., March 2, 2023 /PRNewswire/ -- Salt Security, the leading API security company, today released new threat research from Salt Labs highlighting several critical security flaws in Booking.com. The flaws were found in the implementation of the Open Authorization (OAuth) social-login functionality utilized by Booking.com, which had the potential to affect any users logging into the site through their Facebook account. The OAuth misconfigurations could have allowed for both large-scale account takeover (ATO) on customers' accounts and server compromise, enabling bad actors to:
- Salt Labs researchers discovered security vulnerabilities in the social login functionality used by Booking.com, implemented with an industry-standard protocol called OAuth.
- According to the Salt Security State of API Security Report, Q3 2022, Salt customers experienced a 117% increase in API attack traffic while their overall API traffic grew 168%.
- The Salt Security API Protection Platform enables companies to identify risks and vulnerabilities in APIs before they are exploited by attackers, including those listed in the OWASP API Security Top 10.
- To learn more about Salt Security or to request a demo, please visit https://content.salt.security/demo.html.