Vulnerability is result of Marriott s system failing to use any kind of authentication on requests, researcher says. An attacker who knew the Marriott Rewards number could query the back end and retrieve sensitive information. The vulnerability was discovered by a researcher who reported it to Marriott’s security team. Marriott fixed the issue within a day, researcher Randy Westergren says. The company had angered customers and run afoul of regulators at the FCC by sometimes sending deauthentication packets to guests devices in order to prevent them from using their own WiFi hotspots.
Source: https://threatpost.com/marriott-fixes-simple-bug-in-web-service-that-could-explose-customer-data/110637/