Cybersecurity Protecting Loyalty Points : Experts Uncover Vulnerabilities

Cybersecurity Protecting Loyalty Points : Today’s loyalty points and frequent flyer miles must be protected from hackers. Cybersecurity experts detected issues, which is concerning. Ian Carroll, Shubham Shah, and Sam Curry found this reward shopping company unsettling.’s large API powers several popular travel reward systems. Delta SkyMiles, United MileagePlus, Hilton Honors, and Marriott Bonvoy are loyalty programs.

In March and May 2023, researchers uncovered vulnerabilities that hackers may exploit. These weaknesses could steal users’ trip points, sensitive data, and points from loyalty programs. Results are explained, and safety measures are suggested.

The major issue with is that you can’t remove customer rewards account numbers, addresses, phone numbers, emails, and credit card information. The experts tricked the Points API mechanism to make component switching easy. They obtained this confidential data. Hackers can readily obtain personal data despite data collection constraints. Hackers can also access accounts using a client’s last name and point number. This allowed unauthorized reward point trades.

If Virgin Red login keys leaked, Virgin Atlantic information might be accessed. This vulnerability allowed a hacker to change account settings or points without permission. The global point management website was weak for United MileagePlus. A secret protected this encrypted cookie, which was unique to each user. The key was “secret”. Attackers may have installed harmful code on the website using this exploit, putting the Points program at risk.

Cybersecurity Protecting Loyalty Points
Image :Cybersecurity

Read More : Tech Tips: Elevate Your Digital Experience with Quick and Easy Tricks

Most crucially, Virgin Red and United MileagePlus issues are resolved. The biggest discovery was a gap that allowed hackers to attack any point system. Each user’s cookie was protected by a “secret.” Decrypting these cookies gave the study team privileges generally reserved for global administrators. They then protected their cookie with more complex coding to prevent hacking. By copying this strategy, hackers might modify any Points incentive system to grant users rewards and powers without permission. rapidly corrected the issues, but experts caution that undiscovered flaws could harm users and reward schemes. Take care of:

Monitor your accounts. Find unexpected changes or substantial decreases in points.

Report Suspicious Activity: Ask for help if your awards program was changed without your consent.

Change all prize account passwords to something harder and more distinct. Use a reliable password manager for added security.

Enable 2FA. 2FA makes it tougher for hackers to access your account.

Plusgrade bought in 2022, but they didn’t respond to our numerical queries by the deadline. Keep your valuable points and dream travel plans. Monitor accounts and follow the points program because they can be hacked.

Leave a Reply

Your email address will not be published. Required fields are marked *