Marriott’s Android app left customers’ credit card information wide open for years

Marriott’s already been in hot water as of late, thanks to its decision to block personal Wi-Fi hotspots, a decision that led to an FCC fine of $600,000. Now, Marriott finds itself in even deeper hot water as a software developer discovered a vulnerability in its Android app, which reportedly left credit card information open for hackers to nab for years.

According to Randy Westergren, the software developer in question, he discovered the vulnerability after logging into the app using only his Membership ID number. He noticed that the app made a request to fetch reservations, even though he had none. He then found that the app was fetching reservations through unauthenticated requests, which meant he could type in a different Membership ID and send it to the server. By doing so, Westergren could find out a customer’s reservation, the hotel where they would be staying, and the check-in time.
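The flaw described above is a missing server-side authorization check. As an added illustration (not code from Marriott or from Westergren's report), the sketch below sets a lookup that trusts a client-supplied member ID beside one that takes the member from an authenticated session; every name, ID and record in it is hypothetical.

```python
import secrets

# Constructed sample data; member IDs and reservations are invented.
RESERVATIONS = {
    "100001": [{"confirmation": "R-AAA111", "hotel": "Example Hotel A",
                "check_in": "2015-02-01"}],
    "100002": [{"confirmation": "R-BBB222", "hotel": "Example Hotel B",
                "check_in": "2015-03-10"}],
}
SESSIONS = {}  # session token -> member ID, filled in at login


class AuthError(Exception):
    """Request has no valid session or asks for another member's data."""


def login(member_id, password_ok):
    # Stand-in for real credential verification (hypothetical).
    if not password_ok or member_id not in RESERVATIONS:
        raise AuthError("invalid credentials")
    token = secrets.token_urlsafe(32)  # unguessable session token
    SESSIONS[token] = member_id
    return token


def fetch_reservations_vulnerable(member_id):
    # The flaw as described: the client-supplied ID is the only input,
    # so changing the ID returns a different member's reservations.
    return RESERVATIONS.get(member_id, [])


def fetch_reservations_hardened(session_token, requested_member_id=None):
    # Identity comes from the server-side session, not from the request.
    member_id = SESSIONS.get(session_token or "")
    if member_id is None:
        raise AuthError("authentication required")
    # If the client still sends an ID, it must match the session owner.
    if requested_member_id is not None and requested_member_id != member_id:
        raise AuthError("not authorized for this member")
    return RESERVATIONS[member_id]
```

The hardened version fails closed: a missing or unknown token and a mismatched member ID both raise `AuthError` instead of returning data.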

Once he had this information, Westergren could easily log into Marriott’s website with it, since the site only requires a last name and reservation number to log in. Doing so granted Westergren the ability to cancel planned trips and obtain addresses, credit card numbers, and customer information. Granted, only the last four digits of the credit card numbers would be revealed, but that would be more than enough for hackers to work with.

Thankfully, according to Westergren, Marriott fixed the issue a day after his report saw the light of day. We’ve yet to read or receive any reports of compromised accounts, so if you frequently use the Marriott app, your information should be safe. Even so, thinking about how the app first launched back in 2011 with this vulnerability doesn’t exactly make anyone very happy, to say the least.
