Notice: Constant JS_PATH already defined in /home/futuqrak/public_html/wp-content/themes/sahifa/framework/shortcodes/shortcodes.php on line 6
Security: If You’ve Stayed in a Hotel Your Data Has Probably Been Leaked, Report Finds – FutureTechRumors
Home / Security / Security: If You’ve Stayed in a Hotel Your Data Has Probably Been Leaked, Report Finds

Security: If You’ve Stayed in a Hotel Your Data Has Probably Been Leaked, Report Finds

Security:

Security: Illustration for article titled If You've Stayed in a Hotel Your Data Has Probably Been Leaked, Report Finds
Photo: Mario Tama (Getty)

Two-thirds of hotel websites leak guests’ booking information, according to a new security report.

Last November, Marriott International revealed it had experienced one of the biggest breaches in history, exposing data from 500 million guest records. But a study from the cybersecurity firm Symantec released on Thursday shows it’s not just Marriott guests that need to be concerned about their data.

Symantec threat researcher Candid Wueest analyzed 1,500 hotel websites across 54 countries, spanning two-star to five-star-rated hotels. He discovered that two out of three hotel sites inadvertently leak personal information and booking data to third-party entities, including analytics and ad companies.

The main issue the researcher discovered was the hotels’ practice of including a direct access link in the confirmation emails sent to guests. In 57 percent of the hotel sites that the researchers tested, a link in the email lead directly to the reservation without requiring authentication. Therefore, anyone with the URL link can access the customer’s information.

Since these websites have content from advertisers and analytics tools, those third-party entities could access the URL that shows customer information.

“While it’s no secret that advertisers are tracking users’ browsing habits, in this case, the information shared could allow these third-party services to log into a reservation, view personal details and even cancel the booking altogether,” Wueest writes in the report.

The researcher also found that some hotel sites were vulnerable to brute force attacks, in which the hacker tries multiple combinations of a booking reference, usually through a machine that does it automatically. For some websites, he did not even need a name or email, just a reference code. “I found multiple examples of these coding mistakes, which would have allowed me to not only access all active reservations for a large hotel chain, but also view every valid flight ticket of an international airline,” Wueest wrote.

He suggested such brute force attacks could be useful to a hacker who wants to target the people at a particular hotel conference.

Wueest said in the report that he alerted every hotel of the issue, and 25 percent of the hotel’s data privacy

Read More

About admin

Check Also

Security: That WhatsApp Security Flaw Is rarely as Defective as It Sounds

Security: That WhatsApp Security Flaw Is rarely as Defective as It Sounds

Image: PexelsA security alert of sorts went out this week for WhatsApp users, which suggested that the platform has a security flaw that allows someone to “Use the ‘quote’ feature in a group conversation to change the identity of the sender, even if that person is not a member of the group,” and to “Alter…

Leave a Reply

Your email address will not be published. Required fields are marked *