2018-11-02

Hong Kong Airlines leaks passengers' personal information

Hong Kong Airlines is suspected of having a serious flaw in the e-boarding passes it issues. Modifying the e-boarding pass URL discloses another passenger's boarding pass number and flight details. With that information, important personal data such as the passenger's name, date of birth, passport number and expiry date can also be looked up via the airline's official website.

This vulnerability falls under one of the Open Web Application Security Project (OWASP) Top 10 categories, A5:2017 "Broken Access Control", in which programmers expose insecure direct object references. The airline in this incident did not encode the passenger information on the e-boarding pass, which makes it possible to gain unauthorized access to other passengers' important personal data by modifying the e-boarding pass URL.

We recommend strict monitoring and identity authorization verification when processing sensitive data, to reduce the risk of hackers exploiting unauthenticated or unauthorized access. In addition, it is best practice to perform regular full assessments of an enterprise's network infrastructure and web applications to identify potentially damaging vulnerabilities and threats.
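The following added example (not code from the airline or from the original post) contrasts a lookup that trusts the identifier in the URL with one that applies the authorization check and monitoring recommended above. The record fields, function names and sample data are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample records; field names and values are hypothetical.
PASSES = {
    1001: {"owner": "alice", "flight": "XX100", "seat": "12A"},
    1002: {"owner": "bob", "flight": "XX200", "seat": "30C"},
}
LINK_KEY = secrets.token_bytes(32)  # server-side secret, never sent to clients
denied_log = []  # stands in for the monitoring pipeline


def fetch_vulnerable(pass_id):
    """Before: any caller who changes the id in the URL gets that record."""
    return PASSES.get(pass_id)


def sign_link(pass_id):
    """Issue the token that travels in the link next to the pass id."""
    msg = str(pass_id).encode()
    return hmac.new(LINK_KEY, msg, hashlib.sha256).hexdigest()


def fetch_checked(session_user, pass_id, token):
    """After: the link must be one the server issued AND the authenticated
    user must own the record. Every failure is logged and looks identical
    to the caller, so the response does not reveal which ids exist."""
    record = PASSES.get(pass_id)
    token_ok = hmac.compare_digest(sign_link(pass_id).encode(), token.encode())
    if record is None or not token_ok or record["owner"] != session_user:
        denied_log.append((session_user, pass_id))
        raise PermissionError("boarding pass not available")
    return record
```
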
