Click For Photo: https://cnet1.cbsistatic.com/img/0uPR41i_ReBNLOAi_n0PrsLUmdw=/756x567/2019/02/27/069519f5-6a66-4d66-89e6-ed1e88fec41b/cybersecurity-hacking-14.jpg
Confirmation and reservation emails from hotels are leaking your information to third parties and advertisers, researchers said.
When your hotel automatically emails you your booking information, there's a good chance that you're not the only person with access to those documents.
Symantec - Security - Company - Flaws - Hundreds
Symantec, a security company, found flaws on hundreds of hotel websites, which were leaking sensitive information like names, phone numbers, passport numbers and addresses in confirmation emails.
Candid Wueest, a threat researcher at Symantec, said he looked at more than 1,500 hotel websites in 54 countries and found the issues among two-thirds of them.
Hotels - Target - Cyberattacks - Troves - Data
Hotels are a primary target for cyberattacks, as they hold treasure troves of data on guests during vacation season. They are frequently hacked, as cyberattacks on Sheraton, Westin, Starwood, Marriott and Wyndham hotels over the last few years show. Last November, Marriott disclosed that hackers had stolen records from up to 383 million guests in one of the largest personal data breaches in history.
Hotels have a hotbed of data, and their websites have been leaking out that information, Wueest said. One major issue stems from the URL that they send to guests in emails. About 850 hotel websites don't require authentication to see those details, allowing anyone with the link to view your personal information. Nearly one-third of those pages have the booking number in the URL itself, Wueest found.
Guest - Person - URL - Issue
If the guest were the only person who could view that URL, it wouldn't be much of an issue, but these...
(Excerpt) Read more at: CNET
Wake Up To Breaking News!
One of the countries we liberated was Russia, too bad it seems to have cost us our liberty.