Wednesday, Aug 05, 2020 | Last Update : 10:38 AM IST

133rd Day Of Lockdown

Maharashtra45795629935616142 Tamil Nadu2682852087844349 Andhra Pradesh176333956251604 Karnataka145830692722704 Delhi1391561252264033 Uttar Pradesh100310572711817 West Bengal80984568841785 Telangana6894649675563 Gujarat65704485612529 Bihar6203140760349 Assam4816233429115 Rajasthan4667932832732 Haryana3779631226448 Odisha3768124483258 Madhya Pradesh3508225414912 Kerala279561629988 Jammu and Kashmir2239614856417 Punjab1901512491462 Jharkhand140705199129 Chhatisgarh10109761369 Uttarakhand8008484795 Goa7075511460 Tripura5520367528 Puducherry4147253758 Manipur301818147 Himachal Pradesh2879171013 Nagaland24056594 Arunachal Pradesh179011053 Chandigarh120671520 Meghalaya9173305 Sikkim7832971 Mizoram5022820
  Technology   In Other news  11 Apr 2019  Two out of three hotels accidentally leak guests' personal data

Two out of three hotels accidentally leak guests' personal data

REUTERS
Published : Apr 11, 2019, 1:15 pm IST
Updated : Apr 11, 2019, 1:15 pm IST

Compromised personal information includes full names, email addresses, credit card details and passport numbers of guests.

Compromises usually occur when a hotel site sends confirmation emails with a link that has direct booking information. (Photo: Pixabay)
 Compromises usually occur when a hotel site sends confirmation emails with a link that has direct booking information. (Photo: Pixabay)

Two out of three hotel websites inadvertently leak guests’ booking details and personal data to third-party sites, including advertisers and analytics companies, according to research released by Symantec Corp on April 10.

The study, which looked at more than 1,500 hotel websites in 54 countries that ranged from two-star to five-star properties, comes several months after Marriott International disclosed one of the worst data breaches in history.

 

Symantec said Marriott was not included in the study.

Compromised personal information includes full names, email addresses, credit card details and passport numbers of guests that could be used by cybercriminals who are increasingly interested in the movements of influential business professionals and government employees, Symantec said.

“While it’s no secret that advertisers are tracking users’ browsing habits, in this case, the information shared could allow these third-party services to log into a reservation, view personal details and even cancel the booking altogether,” said Candid Wueest, the primary researcher on the study.

 

The research showed compromises usually occur when a hotel site sends confirmation emails with a link that has direct booking information. The reference code attached to the link could be shared with more than 30 different service providers, including social networks, search engines and advertising and analytics services.

Wueest said 25 per cent of data privacy officers at the affected hotel sites did not reply to Symantec within six weeks when notified of the issue, and those who did took an average of 10 days to respond.

“Some admitted that they are still updating their systems to be fully GDPR-compliant,” Wueest said, referring to Europe’s new privacy law, or the General Data Protection Regulation, which took effect about a year ago and has strict guidelines on how organisations should deal with data leakage.

 

Tags: symantec, cybercrime, information leaks, security, research