This is according to Randy Westergren, a senior software developer who recently discovered that Marriott's Android app had a serious vulnerability: it let anyone retrieve customer information, including financial details, from Marriott's servers without a password.
The flaw had reportedly existed since the app debuted in 2011. The Android app sent no token or other authorization data when it fetched a reservation, so the server returned the booking to anyone who supplied a valid reservation number. Westergren confirmed this himself by writing a script that stepped through reservation numbers until it hit a valid one; from there, the customer's name and number were all he needed to reach their account details on Marriott's servers.
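To make the failure concrete, here is an added illustration of the pattern the article describes (an insecure direct object reference: a lookup keyed only by a sequential, guessable number, with no session and no ownership check) beside a hardened version. This is hypothetical example code written for this page, not Marriott's or Westergren's; the reservation records, session tokens, account ids and lookup budget are all constructed for the demo.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Reservation:
    confirmation: int      # sequential confirmation number: the enumerable key
    guest_name: str
    card_last4: str        # stands in for the "financial details" at stake
    owner_account: str     # account that made the booking (hypothetical field)


# Constructed sample data, not real bookings.
RESERVATIONS: Dict[int, Reservation] = {
    10000001: Reservation(10000001, "A. Guest", "4242", "acct-alice"),
    10000007: Reservation(10000007, "B. Guest", "0005", "acct-bob"),
}

# Constructed session store: opaque bearer token -> account id, minted at login.
SESSIONS: Dict[str, str] = {"tok-alice": "acct-alice"}


class AuthError(Exception):
    """Request carried no valid session token."""


class RateLimited(Exception):
    """Too many reservation lookups from one session."""


def lookup_vulnerable(confirmation: int) -> Optional[Reservation]:
    """The pattern the article describes: the only input is the confirmation
    number. No token and no ownership check, so any number that happens to
    be valid returns the full record to whoever asked."""
    return RESERVATIONS.get(confirmation)


def enumerate_vulnerable(start: int, end: int) -> List[Reservation]:
    """Walks a range of confirmation numbers the way a crawling script
    would and collects every record the endpoint hands back."""
    hits = []
    for n in range(start, end):
        r = lookup_vulnerable(n)
        if r is not None:
            hits.append(r)
    return hits


# Hardened version: authenticate the caller, authorize the specific record,
# and cap how many lookups one session may make.
MAX_LOOKUPS_PER_SESSION = 5            # hypothetical budget for the demo
_lookup_counts: Dict[str, int] = {}


def lookup_hardened(session_token: str, confirmation: int) -> Optional[Reservation]:
    account = SESSIONS.get(session_token)
    if account is None:
        raise AuthError("missing or invalid session token")

    _lookup_counts[session_token] = _lookup_counts.get(session_token, 0) + 1
    if _lookup_counts[session_token] > MAX_LOOKUPS_PER_SESSION:
        raise RateLimited("lookup budget exhausted for this session")

    r = RESERVATIONS.get(confirmation)
    # Same answer for "no such reservation" and "not yours": the endpoint
    # must not act as an oracle for which numbers are valid.
    if r is None or r.owner_account != account:
        return None
    return r


def enumerate_hardened(session_token: str, start: int, end: int) -> Tuple[List[Reservation], bool]:
    """Same crawl against the hardened endpoint. Returns the records obtained
    and whether the rate limit cut the crawl short."""
    hits = []
    for n in range(start, end):
        try:
            r = lookup_hardened(session_token, n)
        except RateLimited:
            return hits, True
        if r is not None:
            hits.append(r)
    return hits, False


if __name__ == "__main__":
    print("vulnerable:", [r.owner_account for r in enumerate_vulnerable(10000000, 10000010)])
    hits, throttled = enumerate_hardened("tok-alice", 10000000, 10000010)
    print("hardened:", [r.owner_account for r in hits], "throttled:", throttled)
```

The crawl against `lookup_vulnerable` recovers every booking in the range, while the same crawl against `lookup_hardened` yields only the caller's own booking and is stopped by the per-session budget. Note that the rate limit is a backstop, not the fix: the ownership check is what closes the hole, and the uniform `None` for both "unknown" and "not yours" keeps the endpoint from confirming which numbers exist.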
Thankfully, Marriott plugged the vulnerability a day after Westergren reported it to the hotel chain, but it is unclear how many credit card numbers may have been exposed in the years it was open. If you have used the app, keep an eye on your credit card statements for any suspicious activity.