Hyatt launches bug bounty programme to uncover security vulnerabilities

Hyatt launches bug bounty programme to uncover security vulnerabilities

Hyatt launches bug bounty programme to uncover security vulnerabilities

Soon after Marriott International announced that a massive data breach it suffered last year compromised approximately 383 million data records, including 5.25 million unique unencrypted passport numbers, Hyatt announced that it is launching a new bug bounty programme to plug security weaknesses in its customer-facing platforms.

Launched in partnership with HackerOne, the bug bounty programme will involve Hyatt inviting ethical hackers to snuff out unpatched security vulnerabilities in its mobile applications for iOS and Android operating systems and websites such as,, and

“At Hyatt, protecting guest and customer information is our top priority and launching this program represents an important step that furthers our goal of keeping our guests safe every day. As one of the first global hospitality brands to launch this type of programme, we extend the ways we care for our guests and deepen our commitment to protecting their sensitive information,” said Benjamin Vaughn, the chief information security officer at Hyatt.

“Bug bounty programs are a proven method for advancing an organization’s cyber security defenses, trusted by leading enterprises across industries. In today’s connected society, vulnerabilities will always be present. Organizations like Hyatt are leading the way by taking this essential step to secure the data they are trusted to hold,” said Marten Mickos CEO of HackerOne.

Hyatt deployed unified software to plug server issues

Recently, Hyatt deployed Splunk Enterprise and the Splunk Machine Learning Toolkit in a move to centralise solutions to monitor and troubleshoot server issues and improve application delivery. The adoption of these solutions has enabled the hotel chain to maintain greater visibility over 700 different servers and enabled developers to identify issues in quick time.

The new bug bounty programme launched by Hyatt could also prevent a repeat of the scale of highly-publicised breaches it suffered twice in the past our years. Back in 2015, hackers were able to access credit card systems at 250 Hyatt hotels across 50 countries for as long as four months without getting detected.

Between March and July 2017, suspected hackers were able to access payment card information of customers at several Hyatt hotels located in China, Brazil, the United States, India, Japan, Malaysia and several other countries. In all, a total of 41 properties across 11 countries were affected by the breach.

According to Hyatt, the hackers were able to access details of payment cards which were either swiped or manually entered at the front desk of the affected hotels. Details accessed by the hackers included cardholder names, card numbers, verification codes and expiration dates.

“Hyatt’s layers of defense and other cybersecurity measures helped to identify and resolve the issue. While this incident affects a small percentage of total payment cards used at the affected hotels during the at-risk dates,” said the hotel group.

Copyright Lyonsdown Limited 2021

Top Articles

Cyber-criminals manipulating reality

Research has found a drastic rise in destructive attacks, where adversaries deploy advanced techniques to deliver more targeted, sophisticated attacks that distort digital reality

Venari Security raises funding to fight encrypted traffic threat

Venari Security has raised series A funding to help organisations fight back against rapidly growing encrypted traffic threat.

Hackers are using hacked Chipotle email account to steal your passwords

Hackers have reportedly taken control of an email marketing account used by the Chipotle food chain and are using the account to fool Internet users to share their personal information…

Related Articles

[s2Member-Login login_redirect=”” /]