Tuesday, June 25, 2024
Cybercory Cybersecurity Magazine

Critical API Security Flaw in Booking.com Puts User Accounts at Risk



Booking.com Investigates API Security Breach Allowing Full Account Takeover

Booking.com, one of the world’s largest travel e-commerce companies, recently announced a security breach in its API that could allow an attacker to gain unauthorized access to user accounts. The flaw was discovered and reported by cybersecurity experts at VpnMentor, who have been actively investigating API security vulnerabilities across multiple industries.

According to VpnMentor’s report, the vulnerability existed in Booking.com’s Partner API, which is used by third-party companies to manage bookings on behalf of customers. The flaw allowed anyone with access to the Partner API to gain full access to a user’s account, including their personal information, booking details, and payment information. Attackers could also make new bookings and cancellations, essentially taking full control of the account.

Booking.com has acknowledged the issue and has taken immediate action to investigate the breach and secure its systems. The company stated that it had fixed the vulnerability and that there was no evidence of any unauthorized access to user accounts. However, as a precautionary measure, Booking.com has reset the passwords of all potentially affected accounts and has advised users to change their passwords.

The incident highlights the importance of API security, particularly in industries that rely heavily on third-party integrations. As more companies open up their APIs to enable third-party integrations, it is crucial that they implement robust security measures to prevent unauthorized access and data breaches.

API security breaches can have severe consequences for both businesses and customers, including reputational damage, financial losses, and identity theft. Therefore, companies must invest in regular security assessments and testing to identify and address potential vulnerabilities before they can be exploited by attackers.


The Booking.com API security breach serves as a reminder of the critical need for robust API security measures in today’s digital landscape. Companies must prioritize the security of their APIs and ensure that all third-party integrations are thoroughly vetted and secure. Additionally, customers must be proactive in protecting their personal information by regularly changing their passwords and monitoring their accounts for suspicious activity.

