A security flaw may be hiding in that confirmation email you get after booking a hotel room online.
Around two-thirds of hotel websites carelessly leak some guest personal data to third-party companies which could also leave them susceptible to scammers, a new report says.
Cyber security firm Symantec found that booking confirmation emails sent to guests frequently contain links to their booking which are not encrypted, which means anyone on the same network could feasibly get access to the data, including hackers.
This lack of security also allows third-party sites such as advertisers to view personal information, Travel Mole reported.
"The fact that this issue exists, despite the General Data Protection Regulations coming into effect in Europe almost one year ago, suggests that the GDPR's implementation has not completely addressed how organisations respond to data leakage," said Candid Wueest, principal threat researcher at Symantec.
The company looked at more than 1,500 hotel websites in 54 countries, ranging from two- to five-star properties.
Data which was unwittingly leaked includes names, email addresses, passport numbers and some credit card details
Wueest said data privacy officers at a quarter of all hotels did not reply within six weeks when notified of security issues. Which is not good news for travellers. It seems some hotels simply do not care.
Around two-thirds of hotel websites carelessly leak some guest personal data to third-party companies which could also leave them susceptible to scammers, a new report says.
Cyber security firm Symantec found that booking confirmation emails sent to guests frequently contain links to their booking which are not encrypted, which means anyone on the same network could feasibly get access to the data, including hackers.
This lack of security also allows third-party sites such as advertisers to view personal information, Travel Mole reported.
"The fact that this issue exists, despite the General Data Protection Regulations coming into effect in Europe almost one year ago, suggests that the GDPR's implementation has not completely addressed how organisations respond to data leakage," said Candid Wueest, principal threat researcher at Symantec.
The company looked at more than 1,500 hotel websites in 54 countries, ranging from two- to five-star properties.
Data which was unwittingly leaked includes names, email addresses, passport numbers and some credit card details
Wueest said data privacy officers at a quarter of all hotels did not reply within six weeks when notified of security issues. Which is not good news for travellers. It seems some hotels simply do not care.
Interesting Article. Hoping that you will continue posting an article having a useful information. Pallet Transport Sydney
ReplyDelete