Responding to the disclosure by Orbitz that hackers may have gained access to 880,000 payment card numbers stored on a legacy system and used by members to book travel through the site and Orbitz partners, a STEALTHbits cybersecurity expert commented below.
“Orbitz and Expedia are companies born on the internet, but they are clearly not immune to the oldest IT flaws in security fundamentals. IT has been building new systems without ever killing off the old ones since the beginning of technology. Sometimes this is because those systems are business critical (looking at you, mainframes). Sometimes it’s simple inertia that makes it hard to get rid of the older versions. There are many issues with keeping old versions of systems around, but security problems are always there. Security is hard, doing it twice because there are two versions of a system is twice as hard, and human nature dictates the older version will get less attention from the staff defending against threats.”