The booking system Amadeus is used by airlines around the globe, but one security researcher has discovered that it’s all too easy to edit or steal passenger reservation details using either a surname or a booking reference number. Amadeus has said that it’s working to review the current situation.
Amadeus, the booking system currently in use by multiple airlines, may be widely utilized around the globe, but as Tech Crunch reports, one Israeli security researcher has discovered that it’s all too simple to amend a passenger’s reservation details using a small amount of information.
According to the outlet, researcher Noam Rotem “found that any airline using Amadeus made it easy to edit and change someone’s reservation with just their booking reference number. No surname needed. In some cases, he didn’t even need to obtain someone’s booking number.”
Passenger booking reference numbers are normally imprinted on boarding passes or on luggage tags.
Armed with only this information, the outlet observes that not only is it possible to edit and change details such as seating assignments, but it would also be possible to glean personal passenger information from a breach of this booking system.
As Safety Detective reports, Rotem initially came across this problem as he was booking a flight with El Al, Israel’s flag carrier. “The same breach was then discovered to include 44% of the international carriers market, potentially affecting tens of millions of travelers,” the outlet reports.
Commenting to Tech Crunch, a spokesperson for Amadeus said that the company was seeking to rectify this security issue and added, “We are working closely with our customers and we regret any disruption this situation may have caused.”
They added that “further improvements should include reviewing and changing some of the industry standards themselves, which requires industry collaboration. At Amadeus, we give security the highest priority and are constantly monitoring and updating all of our products and systems.”