Too many hotel websites leak personal data: Symantec say

Too many hotel websites leak personal data: Symantec say

Two-thirds of hotel websites inadvertently leak personal data to third-party companies and leave customers vulnerable to hackers.

This is according to research from cyber security firm Symantec, which found that the majority of booking systems used by hotels could allow scammers to access information such as mobile phone and passport numbers.

The leaks come from confirmation emails, sent to customers often containing an unsecured direct link to their booking. The report suggests that anyone on the same network could intercept the email and modify or cancel their reservation.

Principal threat researcher, Candid Wueest, tested the websites of 1,500 hotels from 54 countries and found that two in three of them, or 67%, had the problem. The security lapses are in breach of the EU's GDPR laws, which state that firms must protect the personal data of customers.

Advertisement
Norton by Symantec 728x90

"The fact that this issue exists, despite the GDPR coming into effect in Europe almost one year ago, suggests that the GDPR's implementation has not completely addressed how organisations respond to data leakage," said Wueest.

Of the websites Wueest tested, more than half (57%) send confirmation emails to customers with a direct access link to their booking. This is for the convenience of the customer, giving them a simple link to click straight into their reservation without having to log in.

Because these emails require a static link, the booking reference code and the email are sent in the URL itself. This wouldn't be a problem on its own, but most of the websites load additional content on the same website, such as advertisements, meaning that the direct access is shared, either directly with other resources or indirectly through the referrer field in the HTTP request.

There are other scenarios in which the booking data may also be leaked. Some sites pass on the information during the booking process, while others leak it when the customer manually logs into the website. In most cases, Wueest found that the booking data remained visible, even if the reservation has been cancelled, offering up a large window of opportunity for hackers to steal personal information.

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.

back to top

Popular Cyber News

Top Tips to Protect Your Business Against Social Media Mistakes

Top Tips to Protect Your Business Against Social Media Mistakes

11 May, 2019

Don't let social media become the go-to platform for cybercriminals looking to steal sensitive corporate information or ...

Study Shows Extent of Cyber Risk

Study Shows Extent of Cyber Risk

10 May, 2019

A new study shows SMBs face greater security exposure, but large companies still support vulnerable systems as well. ...

How to Secure your Azure Storage accounts

How to Secure your Azure Storage accounts

14 May, 2019

Enterprise data is growing exponentially and becoming more complicated, making it harder to manage, and an even bigger c...

Vodafone is Challenging Huawei Report of Telnet 'Backdoor'

Vodafone is Challenging Huawei Report of Telnet 'Backdoor'

01 May, 2019

Vodafone is challenging a Bloomberg report that security vulnerabilities and backdoors within Huawei networking equipmen...

Malware: Doesn't need to be new to cause serious damage

Malware: Doesn't need to be new to cause serious damage

05 May, 2019

The good news is: The development of new malware exploits has slowed significantly.

Microsoft adds Plug and Play to IoT

Microsoft adds Plug and Play to IoT

03 May, 2019

Microsoft just announced that it wants to add the advantages of Plug and Play, which allows you to plug virtually any pe...

Twitch streamers take action to secure their accounts against hacks

Twitch streamers take action to secure their accounts against hacks

30 April, 2019

Twitch has an account hacking problem.

Over 22 billion IoT devices are out there

Over 22 billion IoT devices are out there

20 May, 2019

Enterprise Internet of Things (IoT) remains the leading segment, accounting for more than half of the market, with mobil...

Todays Cloud Security

Todays Cloud Security

06 May, 2019

Enterprise cloud security is making real progress, however emerging technologies call for security teams to keep up with...

Categories

Home Tech Reviews UK

Mobile Tech Reviews UK

×

Sign up to keep in touch!

Be the first to hear th latest Cyber and Tech News straight to your mailbox.

Check out our Privacy Policy & Terms of use
You can unsubscribe from email list at any time