Free Flight Deal Exposes Customer Data
The Sydney Morning Herald has reported on the problems caused by a poorly secured free flight deal being offered by Australian budget airline Virgin Blue. The offer provided a free flight on Virgin Blue for anyone who bought a mobile phone on a connection plan from Virgin Mobile.
Customers who took up the offer were sent a code by SMS, which they could enter on the Virgin Mobile website and then redeem for a free flight.
So far, so good. The problem is that the codes issued to customers were sequential, which meant that by changing the last couple of digits of the code they had received, any customer could view the details of other customers.
Following the reporting of the vulnerability, the authentication was changed to code + surname, and the company believes that only about 50 customers were affected.
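The weakness and the fix described above, as an added example that is not code from Virgin Mobile or from the original report: a sequential issuer beside one that draws codes from a CSPRNG and binds lookup to the surname. Class names, the code alphabet, the starting value and the audit helper are all assumptions made for illustration.

```python
import hmac
import secrets

# Constructed alphabet: no look-alike characters, easy to retype from an SMS.
ALPHABET = "ABCDEFGHJKMNPQRSTUVWXYZ23456789"

class SequentialIssuer:
    """Weak design from the article: each code is the previous one plus one."""
    def __init__(self, start=500100):  # constructed starting value
        self._next = start
        self.records = {}              # code -> surname (stand-in for customer details)

    def issue(self, surname):
        code = str(self._next)
        self._next += 1
        self.records[code] = surname
        return code

    def lookup(self, code):
        return self.records.get(code)  # the code alone selects the record

class RandomIssuer:
    """Hardened design: CSPRNG codes, and lookup is bound to the surname."""
    def __init__(self, length=12):
        self._length = length
        self.records = {}

    def issue(self, surname):
        while True:
            code = "".join(secrets.choice(ALPHABET) for _ in range(self._length))
            if code not in self.records:   # retry on the (unlikely) collision
                self.records[code] = surname
                return code

    def lookup(self, code, surname):
        stored = self.records.get(code)
        if stored is None:
            return None
        # Surname is low entropy; the unpredictable code carries the security.
        ok = hmac.compare_digest(stored.casefold().encode(), surname.casefold().encode())
        return stored if ok else None

def exposed_neighbours(issuer, code, span=2):
    """Audit check: codes within +/-span of an issued code that resolve to a record."""
    n = int(code)
    return [str(c) for c in range(n - span, n + span + 1)
            if c != n and issuer.lookup(str(c)) is not None]
```

Running `exposed_neighbours` against a code store before launch is a quick way to confirm that holding one valid code says nothing about any other.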
25 May 2007