After two recent payment card breaches, Hyatt Hotels launches a bug bounty

As Marriott hotels continues sizing up its mega data breach, Hyatt Hotels is kicking off a bug bounty to find flaws in its websites and apps before hackers do. 

Hyatt’s public bug bounty, announced today, invites all ethical hackers to probe its websites and mobile apps for security flaws. It will offer cash rewards of up to $4,000 to hackers who report bugs through its program with bug bounty platform HackerOne. 

Hyatt Hotels boasts its bug bounty is a first in the hotel industry, which has been a soft target for hackers who’ve accessed hundreds of millions of guests’ personal and payment card data over the past few years. Hilton Worldwide, Mandarin Oriental and Marriott Hotel’s Starwood Hotels & Resorts Worldwide have all suffered breaches in recent years. 

“At Hyatt, protecting guest and customer information is our top priority and launching this program represents an important step that furthers our goal of keeping our guests safe every day,” said Hyatt chief information security officer Benjamin Vaughn. 

“As one of the first global hospitality brands to launch this type of program, we extend the ways we care for our guests and deepen our commitment to protecting their sensitive information.” 

White hat or ethical hackers can earn rewards if they report security flaws on Hyatt.com, m.hyatt.com, world.hyatt.com, and Hyatt's iOS and Android mobile apps. Rewards range from $4,000 for critical flaws to $300 for low severity issues.

Valid vulnerabilities range from SQL injection web app flaws to finding Hyatt data on public cloud storage services and front-end system flaws that give access to backend systems. 

Hyatt revealed in 2016 that hackers had compromised payment card data at 250 locations in 50 countries after its payment processing systems were infected with malware. A year later, it revealed that hackers had compromised payment card data at 41 of its properties in 11 countries.

Marriott Hotels this week said that hackers had compromised 383 million records after discovering in September that hackers had accessed Starwood's reservation database. It initially believed the incident affected 500 million records. Still, the hackers gained access to 5.25 million unencrypted passport numbers and 8.6 million encrypted payment cards. 


Stories by Liam Tung
