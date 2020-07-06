Infosecurity Group Websites
Latest
News

Flaw Fixed in Hotels.com Generator as Tesco Clubcard Users Impacted

Tesco Clubcard users have been warned to check their accounts, after a weakness was discovered in the way that Hotels.com codes were generated, which then impacted Clubcard members as they tried to use their points.

Whilst Tesco Clubcard’s IT systems have not been compromised in any way, research found cyber-criminals purchased fraudulent vouchers to provide huge discounts on bookings via Hotels.com. The codes were generated by Hotels.com and made available to Tesco Clubcard members as a reward for in-store spending.

According to The Telegraph, the vouchers allowed people to get up to £750 off hotel rooms on Hotels.com. Fraudsters were able to guess the final four digits of the promotional code that unlocks the discount as the remaining nine characters follow the same pattern each time, and the codes were sold on hacker forums for between £200 and £750.

Initially alerted by researchers from CyberNews, who informed Hotels.com parent Expedia Group of the flaw, the booking site has since taken measures to resolve the issue and Tesco Clubcard temporarily removed Hotels.com from Clubcard Rewards until the issue was resolved.

A spokesperson for the CyberNews research team, said: “In the current economic climate people are looking for ways to save money, so businesses need to stay vigilant to prevent fraud. We’d recommend using longer, less predictable discount codes with more characters which make it harder for cyber-criminals to predict, as well as implementing a limit on attempts for an incorrect entry to prevent brute force attacks of this nature.”

A statement from Hotels.com said the issue “was identified and resolved promptly several months ago” and, working closely with its partners at Tesco, it ensured that only legitimate Clubcard customers were able to obtain and redeem the codes they had earned. “No customers of Hotels.com or Tesco missed out on the offer, lost money or Clubcard points as a result.”

Related to This Story

What’s Hot on Infosecurity Magazine?

1
News

NSA Issues VPN Security Guidance

2
News

Researchers Find Vulnerabilities in Apache Remote Desktop Software

3
News

New Cybersecurity Standard for IoT Devices Established By ETSI

4
News

Google VP Withdraws from Black Hat 2020 Over its Name

5
News

Global Dating App Users Exposed in Multiple Security Snafus

6
News

Record Number Enrol in Online NCSC CyberFirst Courses

1
News

Flaw Fixed in Hotels.com Generator as Tesco Clubcard Users Impacted

2
News

Corporate Cybercrime Victims Double in Five Years

3
News

North Korean Hackers Behind Magecart Attacks

4
News

Google VP Withdraws from Black Hat 2020 Over its Name

5
Opinion

Passwords Create More Vulnerabilities Than Ever

6
News

NSA Issues VPN Security Guidance

1
Webinar

ISO 27701: The New Privacy Standard, and How You Can Get Certified and Compliant

2
Webinar

Mitigating the Security Risks and Challenges of Office 365

3
Webinar

Building Remote Resilience: A Secure by Design Approach to Remote Working

4
Webinar

The CCPA Enforcement Era Begins: What to Expect from California’s Privacy Act

5
Webinar

Key Technologies, Strategies and Tactics to Fight Phishing

6
Webinar

The Impact of Artificial Intelligence on Cyber-Resilience

1
News Feature

Industry Figures Make #VersusRacism Pledge

2
Interview

Interview: Lior Div and Cybereason’s ‘UbU’ Diversity, Equity and Inclusion Mission

3
Blog

Busting the Top Myths About Privileged Access Management

4
Opinion

SIM Swap - The Silent Hacker

5
News Feature

Effective Cybersecurity in Hospitals During #COVID19 and Beyond

6
Webinar

The CCPA Enforcement Era Begins: What to Expect from California’s Privacy Act