RCI Hospitality Holdings has reported a data breach affecting approximately 40,000 individuals, caused by an insecure direct object reference (IDOR) vulnerability on its web server that exposed sensitive personal information such as names, contact details, and Social Security numbers. The company has notified the FBI and is cooperating with investigations following the incident.
The key takeaway is that an IDOR vulnerability in a web server managed by RCI Hospitality allowed unauthorized access to the sensitive personal data of approximately 40,000 individuals. It underlines how important it is to secure direct object references, and points to a concrete step: review and remediate similar weaknesses in your own or your clients' systems, particularly endpoints where a URL or request value selects which record is returned.
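To make the class of flaw concrete, here is an added example that is not code from RCI Hospitality or from the report: a record lookup that trusts the client-supplied id beside one that ties the id to the authenticated caller, plus a check over access-log lines for the id enumeration such a flaw invites. The record store, account names, log lines and `/records/` path are all constructed for the example.

```python
from collections import defaultdict

# Constructed sample store: record id -> owning account and PII.
RECORDS = {
    101: {"owner": "alice", "name": "Alice A.", "ssn": "***-**-1111"},
    102: {"owner": "bob", "name": "Bob B.", "ssn": "***-**-2222"},
}

class NotFound(Exception):
    """Raised for missing and foreign records alike, so ids cannot be probed."""

def lookup_vulnerable(user, record_id):
    """IDOR: the client-supplied id alone selects the record; `user` is never checked."""
    return RECORDS[record_id]

def lookup_hardened(user, record_id):
    """Resolve the id, then require that the record belongs to the caller."""
    rec = RECORDS.get(record_id)
    if rec is None or rec["owner"] != user:
        raise NotFound(record_id)
    return rec

def can_read(user, record_id):
    """True if the hardened lookup would release the record to `user`."""
    try:
        lookup_hardened(user, record_id)
        return True
    except NotFound:
        return False

# Constructed access-log lines: client ip, method, path, status.
SAMPLE_LOG = [
    "203.0.113.5 GET /records/101 200",
    "203.0.113.5 GET /records/102 200",
    "203.0.113.5 GET /records/103 404",
    "203.0.113.5 GET /records/104 404",
    "203.0.113.5 GET /records/105 404",
    "203.0.113.5 GET /records/106 404",
    "198.51.100.7 GET /records/102 200",
]

def enumeration_suspects(log_lines, threshold=5):
    """Client ips that touched more than `threshold` distinct record ids: a sign of id walking."""
    ids_by_ip = defaultdict(set)
    for line in log_lines:
        ip, _method, path, _status = line.split()
        if path.startswith("/records/"):
            ids_by_ip[ip].add(path.rsplit("/", 1)[1])
    return sorted(ip for ip, ids in ids_by_ip.items() if len(ids) > threshold)
```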