Tag Archives: Amadeus

Amadeus Booking Platform flaw puts customer data at risk

Amadeus Rocked As Booking Platform Flaw puts customer data at risk

News that a flaw found on the Amadeus Booking platform had the potential to not only leak personal data, it could have also have allowed changes to be made to the clients bookings. Fortunately thus far no evidence has been found to say it has happened.

The potential chaos that could have been caused had the defective code been found by bad actors and exploited cannot be over-stated, hopefully the security researcher is in line for a bug bounty having notified Amadeus of the issue and potentially spared the industry from another major incident.

The problem was initially identified by an Israeli security researcher, Noam Rotem while he was booking a flight with the Israeli national carrier ELAL, Amadeus were notified and the bug was subsequently patched.

Allegedly the bug could not only have been used to view information, it could potentially have been used to make changes to bookings, imagine the uses cyber criminals and even tech savvy terrorists might have made of that one.

Worryingly some researchers have claimed the actual fix may not be as effective as it should be.

Amadeus Booking Platform Security Flaw
A security flaw in the Amadeus booking platform could have exposed customer data

The problem was not restricted to EL AL however as the coding flaw would have potentially affected all of the carriers served by Amadeus.

The security issue at Amadeus is the latest in a series of incidents to affect the Travel Industry with British Airways and Eurostar both having been hit in recent months and the sobering fact is that none of us are immune to the possibility of data breach and we are also likely to suffer adversely when our suppliers are targeted as could easily have been the case with Amadeus.

The fact that Amadeus supply services to a large proportion of the Travel Industry graphically illustrates that we must all be vigilant across the entire supply chain and our DR plans need to be inclusive of incidents that are to an extent beyond our control.

Doing our bit to ensure the Travel Industry retains customer trust

While we have to trust our major suppliers to be on top of their security we need to make efforts to ensure we don’t become the weak link in the security chain of trust.

Two essential steps companies can easily take to raise levels of security are to adopt staff training programs in Security Awareness Training and in addition adopting good password hygiene.

Take this opportunity to update your Cyber Security practices.

Sign up for the Tamite Security Awareness Training or call 0800 088 7201 to discuss ways we can help your business