Tuesday, January 26, 03:13
Home security A flaw in Hotels.com affected Tesco Clubcard users

A flaw in Hotels.com affected Tesco Clubcard users

A vulnerability which was found in the way it created codes Hotels.com, has affected them users of Tesco Clubcard, who were notified to check their accounts.

Tesco

While Tesco Clubcard's computer systems do not appear to have been compromised, security researchers have found that Criminals of cyberspace bought counterfeit coupons to offer huge discounts on bookings through Hotels.com. The codes are created by Hotels.com and are available to Tesco Clubcard members as a reward for their purchases at the store.

As he said The Telegraph, these coupons offered a discount of up to 750 £ for hotel rooms via Hotels.com. The crooks were able to guess his last four digits code offer that unlocks the discount, as the other nine characters follow the same pattern each time. They then provided these codes for sale in illegal forums.

The first to discover vulnerability were its researchers CyberNews, who immediately notified Expedia and the booking site has since taken steps to resolve the issue. At the same time, Tesco Clubcard temporarily removed Hotels.com from the Clubcard Rewards program until the issue is resolved.

Tesco

A CyberNews spokesman said: "In the current economic climate, people are looking for ways to save money, so businesses need to be vigilant to prevent fraud. We would recommend using longer, less predictable discount codes with more characters that make it harder for criminals to detect them. cyberspace, as well as the application of a limit to attempts to enter incorrectly to prevent brute-force attacks of this kind. "

In a statement, Hotels.com said the issue had been "identified and resolved several months ago" and that, together with its partners at Tesco, it had ensured that only legitimate Clubcard customers could acquire and redeem them. codes who had won. "No Hotels.com or Tesco customers have lost the offer, losing Clubcard money or points," the company said in a statement.

LEAVE ANSWER

Please enter your comment!
Please enter your name here

Absent Mia
Absent Miahttps://www.secnews.gr
Being your self, in a world that constantly tries to change you, is your greatest achievement

LIVE NEWS

00:02:40

COVID-19 vaccines: Ways to protect supply chains

The development of vaccines for COVID-19 in such a short period of time has created many challenges and these are not only related to ...
00:02:17

How do insurance companies "enhance" ransomware attacks?

Ransomware attacks have increased significantly, with experts warning that their victims should not pay ransom to hackers ....

Russia: "US may be planning retaliation for SolarWinds hack"!

The Russian government warns the country's organizations about possible cyber attacks that the US may carry out, as "retaliation" for the hack ...

iPhone: How to see which apps have access to your contacts

Some iPhone privacy issues go deeper than accessing your contacts list, which exposes your contacts to ...

COVID-19: Google makes vaccination clinics available

Google CEO Sundar Pichai said Monday that the company will make its facilities available to become clinics ...

Netflix offers "studio quality" audio upgrade on Android

Do not be surprised if Netflix sounds better the next time you run a marathon with rows on your Android phone ...

Will Bitcoin return to $ 40.000? There is concern!

Bitcoin lovers who take his return above the level of $ 40.000 for granted have been worried because the demand ...

Avaddon ransomware: Its operators threaten with DDoS attacks to get ransom!

Lately, more and more ransomware gangs tend to threaten their targets with DDoS attacks in order to secure profits ....

Volunteer firefighters will be trained through VR simulation

Volunteer firefighters in the Australian state of Victoria will soon have access to the virtual reality (VR) training that will be available in ...

Tesla: Accuses its former employee of stealing her confidential data!

On January 23, Tesla sued former employee Alex Khatilov for stealing 26.000 confidential documents, including trade secrets. The software ...