Security Watch: http://www.ihg.com

I know it has been a while since my last entry, but I have been busy traveling and teaching software development classes.

In my teachings, I have been focusing more and more on security.

I want to begin posting entries that focus on companies and services that refuse to acknowledge blatant security concerns.

Now to my first entry:

IHG: http://www.ihg.com

More rooms in more places than any other hotel company. IHG hotels provide more than 674,000 guest rooms globally, serving over 150 million guests each year. Our family of nine trusted brands range from the friendly comfort of a city-center Holiday Inn® hotel to the luxury of an award-winning InterContinental® resort.

This statement was published on the IHG website.

Strangely enough, over 600,000 guest rooms, yet the security for the IHG websites is the worst that I have EVER found.

If you enroll in their rewards program, you can store room preferences and other details that will help in the booking process. In addition to that, if you purchase a room on ihg.com, the site will automatically store your credit card information for future use.

While this may sound nice and convenient, there is a gaping security flaw that everyone should know about. When I say everyone, I mean everyone.

NOTE: I have contacted IHG several times about the issue I’m about to describe, and I have never received any response of any kind from anyone at IHG.

Hence why I’m finally making this post.

The only means to secure your account through IHG is with a four-digit PIN (i.e. password).

That’s right, folks, a whopping four digits!!!!

Doing the math (https://howsecureismypassword.net/): a four-digit PIN code will take less than one second to crack by brute force.
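The arithmetic behind that figure, together with what a server-side lockout would change, as an added example (not from the original post and not IHG's code). The guess rate, the 12-character comparison, and the 5-failure/15-minute lockout policy are assumptions chosen for illustration.

```python
import math

def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct secrets of exactly `length` symbols."""
    return alphabet_size ** length

def seconds_to_exhaust(space: int, guesses_per_second: float) -> float:
    """Worst-case time to try every value with no throttling at all."""
    return space / guesses_per_second

class LockoutThrottle:
    """Per-account failure limiter (hypothetical policy, not IHG's)."""

    def __init__(self, max_failures: int = 5, lockout_seconds: float = 900.0):
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self._state = {}  # account -> (consecutive failures, locked_until)

    def allow(self, account: str, now: float) -> bool:
        """True if a login attempt may be evaluated at time `now`."""
        _, locked_until = self._state.get(account, (0, 0.0))
        return now >= locked_until

    def record_failure(self, account: str, now: float) -> None:
        failures, locked_until = self._state.get(account, (0, 0.0))
        failures += 1
        if failures >= self.max_failures:
            # Reset the counter and start a lockout window.
            failures, locked_until = 0, now + self.lockout_seconds
        self._state[account] = (failures, locked_until)

    def record_success(self, account: str) -> None:
        self._state.pop(account, None)

def worst_case_seconds_under_lockout(space: int, max_failures: int,
                                     lockout_seconds: float) -> float:
    """Time to cover the whole space when every `max_failures` wrong
    guesses cost one lockout window (no wait after the last batch)."""
    return (math.ceil(space / max_failures) - 1) * lockout_seconds

if __name__ == "__main__":
    pin = keyspace(10, 4)        # four-digit PIN: 10,000 values
    longer = keyspace(62, 12)    # constructed comparison: 12 chars, [A-Za-z0-9]
    print(pin, seconds_to_exhaust(pin, 10_000))   # assumed 10k guesses/s
    print(longer, seconds_to_exhaust(longer, 10_000) / 31_557_600, "years")
    days = worst_case_seconds_under_lockout(pin, 5, 900) / 86_400
    print(f"PIN with 5-try/15-min lockout: {days:.1f} days worst case")
```

Even under the assumed lockout, the full four-digit space is covered in about three weeks, so a throttle slows guessing but does not make up for a 10,000-value credential.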

So why am I concerned?

Because anyone can crack into any of these accounts, and the credit card information as well as all other personal information is completely accessible to everyone and anyone.

Note: if you are an IHG member, protect yourself, protect your information, protect your account.

Mick Knutson

Java, JavaEE, J2EE, WebLogic, WebSphere, JBoss, Tomcat, Oracle, Spring, Maven, Architecture, Design, Mentoring, Instructor and Agile Consulting. http://www.baselogic.com/blog/resume
