Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Security Strategy, Plan, Budget, Vulnerability Management, Patch/Configuration Management, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Marriott fixes Android app issue that may have exposed personal data

A flaw that may have exposed sensitive payment card data belonging to Marriott International Android app users has been patched by the hotel chain. 

Discovered by Randy Westergren, senior software developer at XDA-Developers, the flaw has likely been present since the app became available in 2011. 

The weakness came into play when the app interacted with the Marriott server. The app failed to use any token or authorization protocol to access reservations, meaning any potential attacker could create a script to submit a random sequence of numbers to the server until one matched a Marriott membership number. This would then enable them to access member information which included names, reservation numbers, addresses, contact details and the last four digits of credit cards. 

Marriott addressed the flaw on Jan. 21, one day after Westergren reported it to the hotel chain.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.