Orbitz has disclosed that hackers may have gained access to 880,000 payment card numbers that were stored on a legacy system and used by members to book travel through the site and Orbitz partners. A STEALTHbits cybersecurity expert comments on the disclosure below.
Jonathan Sander, CTO at STEALTHbits Technologies:
“Orbitz and Expedia are companies born on the internet, but they are clearly not immune to the oldest IT flaws in security fundamentals. IT has been building new systems without ever killing off the old ones since the beginning of technology. Sometimes this is because those systems are business critical (looking at you, mainframes). Sometimes it’s simple inertia that makes it hard to get rid of the older versions. There are many issues with keeping old versions of systems around, but security problems are always there. Security is hard, doing it twice because there are two versions of a system is twice as hard, and human nature dictates the older version will get less attention from the staff defending against threats.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.