Hotel chain Hyatt sets up bug bounty program

By on
Hotel chain Hyatt sets up bug bounty program

Critical vulnerability finds pay US$4000.

Hyatt Hotels has launched a bug bounty program via HackerOne, seeking to reward researchers who find vulnerabilities in its sites and apps.

Chief information security officer Benjamin Vaughn said the aim of setting up the bug bounty program was to further the hotel's goal of keeping its guests safe.

"As one of the first global hospitality brands to launch this type of program, we extend the ways we care for our guests and deepen our commitment to protecting their sensitive information,”  Vaughn said in a statement.

Depending on the severity of the vulnerabilties found, researchers can earn between US$300 for finding low-risk bugs up to US$4000 for flaws rated as critical according to the Common Vulnerability Scoring System (CVSS) security industry standard.

Some of the vulnerabilties Hyatt will reward researchers for include bypassing Web Application Firewalls (WAFs), finding hotel data on cloud storage services, cross-site request forgery (CSRF) on its sites, business logic bypasses, back-end system access via front-end systems and getting around authentication.

Hyatt's main websites and the hotel chain's Android and Apple iOS mobile apps are deemed to be in scope for vulnerability research, but not its accommodation properties or physical and network infrastructure.

Researchers wishing to take part in the bug bounty program must agree to responsible disclosure rules, and not collect personally identifiable information, authentication data or credit card details from hotel guests.

Hyatt also asks that researchers make a good faith effort to avoid privacy violations, destruction or alteration of data as well as interruption or degradation of the hotel's services.

Hotels have become targets for information stealing attacks over the last few years.

The Hyatt bug bounty follows the global hotel chain being hacked twice in recent times, with credit card data taken.

Rival hotelier Marriott this week reported that the recently-revealed hack of its Starwood reservations system exposed 5.25 million unencrypted passport numbers. 

Initially, Marriott reported that up to half a billion Starwood Hotels guests were impacted by the breach, but now believe less than 383 million are affected.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
bug bounty hackerone hyatt security software starwood

Most Read Articles

Telstra and Optus secure round four mobile blackspot sites

Telstra and Optus secure round four mobile blackspot sites
Telstra, Optus and Vodafone temporarily block websites after Christchurch attack

Telstra, Optus and Vodafone temporarily block websites after Christchurch attack
Coles quietly expands Uber Eats deliveries to essentials like bread, milk, Netflix

Coles quietly expands Uber Eats deliveries to essentials like bread, milk, Netflix
Bendigo Bank outage takes down online banking

Bendigo Bank outage takes down online banking
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

How Macquarie University has prepared for fire and flood
How Macquarie University has prepared for fire and flood
Guide to Fully-Composable Software-Defined Private Cloud
Guide to Fully-Composable Software-Defined Private Cloud
Is slow data silently killing your business? Here's why you should care.
Is slow data silently killing your business? Here's why you should care.
Cloud, AI, infosec: Is your IT strategy keeping up?
Cloud, AI, infosec: Is your IT strategy keeping up?
Australian business moves to a new cloud era
Australian business moves to a new cloud era

Events

Log In

Username / Email:
Password:
  |  Forgot your password?