[RISK] visitdubai.com Faces ATO Risks
Summary:The official tourism website of Dubai, visitdubai.com, faces the risk of Account Takeover (ATO), with nearly a thousand members having been impacted.
Visit Dubai, the official tourism and events information website of the Dubai Department of Tourism and Commerce Marketing, offers global travelers comprehensive information on Dubai's attractions, events, accommodations, dining options, and local culture. However, this website is at risk of Account Takeover (ATO).
When attackers successfully execute an ATO attack, they can gain access to the user's entire registration and private information stored on the visitdubai.com website. Furthermore, they can perform all operations within the scope of the account's permissions without authorization, such as making bookings for flights, hotels, and other services, as well as viewing all the booking history of the current user. According to the detection by THUD TECHNOLOGY PTE. LTD.(darkweb.vc), nearly a thousand members have been impacted.
We recommend notifying the website's members of the leaked login credentials through 'Dark Web Reports', urging them to promptly update their credentials. Regardless of whether 2FA is implemented, securing leaked accounts by locking them and resetting login credentials is a robust security measure. Additionally, it’s advisable to alert affected users to change their passwords immediately. DarkWeb.vc offers highly cost-effective intelligence on login credential leaks to enterprises.