For many of us, frequent flyer miles and credit card and hotel loyalty points are valuable. The idea that some of my hard-earned points could be lost or stolen has me leaping to check the app of each program to make sure the balances look right. And there’s good reason to have concern.
CLICK TO GET KURT’S FREE CYBERGUY NEWSLETTER WITH SECURITY ALERTS, QUICK TIPS, TECH REVIEWS AND EASY HOW-TO’S TO MAKE YOU SMARTER
Some cybersecurity pros have dug up some seriously worrying stuff about the loyalty commerce company Points.com. Recent findings from cybersecurity researchers Ian Carroll, Shubham Shah and Sam Curry have found some upsetting information about the company.
Points.com provides an expansive application programming interface for popular travel rewards programs, including Delta SkyMiles, United MileagePlus, Hilton Honors and Marriott Bonvoy programs.
According to the researcher’s findings, the team reported that certain vulnerabilities to Points.com between March and May 2023 made it attractive to hackers. These vulnerabilities could have been exploited by hackers to steal customers’ travel points, their data and potentially gain control of the Points loyalty programs altogether. Here’s what we know so far and how you can protect yourself.
IS THIS NEW TECH GOING TO COST YOU YOUR JOB? HERE’S PROOF
Passengers pause to check the flight information displays at Ronald Reagan Washington National Airport on Aug. 8, 2023, in Arlington, Virginia. (Chip Somodevilla/Getty Images)
What vulnerabilities did the research team find?
A key issue that was found in the Points.com system involved easily being able to find details like customer rewards account numbers, addresses, phone numbers, email addresses, and partial credit card numbers. The researchers came across a manipulation in the system which would allow them to move around from one part of the Points API system to another, which gave them access to this information.
HOW TO RESTORE DELETED FILES AND REPAIR…
