Hilton Honors accounts exposed due to a CSRF flaw

Security experts discovered a CSRF vulnerability in the Hilton website that attackers could exploit to take over every Hilton Honors account. Any authenticated user could impersonate any other account by knowing its account number. The vulnerability was uncovered by Brandon Potter and JB Snyder, technical security consultant and founder, respectively, at security firm Bancsec. The flaw has been fixed and there is no further news about it, but Krebs verified it with the support of the researchers, using his personal account. Hilton issued an official statement confirming the presence of the vulnerability: “We are committed to safeguarding our guests' personal information.”

Source: https://securityaffairs.co/wordpress/35261/hacking/hilton-honors-accounts-exposed-due-to-a-crfs-flaw.html
