Hyatt Hotels launches bug bounty programme

The company turns to external help to prevent data breaches from ever affecting its properties again, says report


A report by online portal ZD Net has said that “Hyatt Hotels has launched a bug bounty program in light of recent card-skimming attacks against the hospitality chain.”

Reportedly, the company said the new initiative will be hosted on bug bounty platform HackerOne and is designed to allow Hyatt to "tap into the vast expertise of the security research community to accelerate identifying and fixing potential vulnerabilities".

Ethical hackers can use the platform -- as well as rival services such as Bugcrowd -- to report vulnerabilities, security flaws, leaky servers and more before less well-intentioned individuals stumble across them, potentially leading to cyberattacks or data theft, said the report.


The bug bounty programme is public and includes the main hyatt.com domain, m.hyatt.com, world.hyatt.com, and both the iOS and Android Hyatt mobile apps.

Novel origin IP address discovery, authentication bypass, back-end system access via front-end services, container escapes, SQL injections, cross-site request forgery, WAF bypass, and cross-site scripting (XSS) bugs will all be considered for rewards, among other issues. 

Speaking to ZD Net, Benjamin Vaughn, Hyatt chief information security officer, said: "At Hyatt, protecting guest and customer information is our top priority and launching this program represents an important step that furthers our goal of keeping our guests safe every day."

The report noted that in a Q&A with HackerOne, Vaughn said an invitation-only program was launched first, which may account for the $5,650 in bug bounty rewards that had already been issued at the time of writing.

“It is unfortunately quite common for hotel chains and others in the hospitality space to become the focus of cyberattacks due to the vast amount of valuable data these businesses process and store,” said the report.

ZD Net also pointed out that “Hard Rock Hotels & Casinos, Loews Hotels, Radisson Hotel Group, the Trump Hotel Collection, Marriott, and Hyatt Hotels itself are on the list of organizations which have experienced successful cyberattacks in recent years.”
