
2018-11-02

Hong Kong Airlines leaks passengers' personal information

Information Security

Hong Kong Airlines is suspected of having a serious flaw in the e-boarding passes it issues. Modifying the e-boarding pass URL discloses the boarding pass number and flight details of another passenger. With that information, important personal data such as the passenger's name, date of birth, passport number and expiry date can also be looked up through the airline's official website.

This vulnerability falls under A5:2017 "Broken Access Control" in the Open Web Application Security Project (OWASP) Top 10, the category in which programmers expose insecure direct object references. The airline in this incident did not encode the passenger information on the e-boarding pass, which made it possible to gain unauthorized access to other passengers' important personal data by modifying the e-boarding pass URL.

When processing sensitive data, we recommend strict monitoring and verification of identity and authorization to reduce the risk of hackers exploiting unauthenticated or unauthorized access. In addition, it is best practice to perform a regular full assessment of an enterprise's network infrastructure and web applications to identify potentially damaging vulnerabilities and threats.
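The access-control gap described above, shown as an added example that is not code from the airline or from the original post: a lookup that trusts the identifier in the URL, beside one that verifies ownership, checks a server-signed link and records denied attempts. The record fields, identifiers and function names are hypothetical, and the sample data is constructed.

```python
import hashlib
import hmac
import secrets

# Constructed sample records; field names and IDs are hypothetical.
BOARDING_PASSES = {
    "1001": {"owner": "alice", "flight": "XX123", "seat": "12A"},
    "1002": {"owner": "bob", "flight": "XX456", "seat": "3C"},
}
SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret, never sent to clients
DENIED_LOG = []  # stand-in for a security event log that monitoring would consume


def get_pass_vulnerable(pass_id):
    """Insecure direct object reference: the ID taken from the URL is the only check."""
    return BOARDING_PASSES.get(pass_id)


def sign_link(pass_id, user):
    """Bind a boarding pass link to the passenger it was issued to."""
    msg = f"{pass_id}:{user}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def get_pass_hardened(pass_id, session_user, token):
    """Return the pass only if the session user owns it and the link is authentic."""
    record = BOARDING_PASSES.get(pass_id)
    owner_ok = record is not None and record["owner"] == session_user
    expected = sign_link(pass_id, session_user)
    # Constant-time comparison; bytes avoid errors on non-ASCII input.
    token_ok = hmac.compare_digest(expected.encode(), token.encode())
    if not (owner_ok and token_ok):
        # Same answer for "not found" and "not yours"; log the attempt.
        DENIED_LOG.append({"user": session_user, "pass_id": pass_id})
        return None
    return record
```

The ownership check is what closes the gap; the signed link only makes identifiers harder to guess and tamper with, so it does not replace the per-request authorization decision.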

Copyright © 中信國際電訊(信息技術)有限公司 CITIC Telecom International CPC Limited
