A Premium Luggage Service’s Web Bugs Exposed the Travel Plans of Every User—Including Diplomats
Summary
UK-based luggage handling provider Airportr exposed customers’ travel records and personal details due to poor cybersecurity, according to researchers at CyberX9.
Among the information available to potential hackers were users’ names, phone numbers, addresses, travel plans, flight details and passport images.
The company’s website also had vulnerabilities that allowed administrators to change passwords, and as a result, researchers could have gained full access to the company’s systems.
There was also no rate limiting on the site, meaning it was straightforward to brute-force email addresses and gain access to user data.
Researchers found examples in the data of travelling officials and diplomats, including one who was a UK ambassador at the time of travel, and another who worked in cybersecurity for the US government.
CyberX9 said airlines bear some responsibility for failing to ensure the security of partner services they recommend to customers.