Technology
2 out of 3 hotels leak your personal details
Follow @https://twitter.com/PCMag
PCMag.com is a leading authority on technology, delivering Labs-based, independent reviews of the latest products and services. Our expert industry analysis and practical solutions help you make better buying decisions and get more from technology.
It turns out one of the riskiest things you can do for your personal data is book a hotel room. That’s the conclusion of Symantec after reviewing more than 1,500 hotel websites spread across 54 different countries.
As Reuters reports, the review carried out by Symantec discovered that two out of every three hotels will leak the booking details of guests. Those details include full names, email address, postal address, mobile number, credit card details (last four digits, card type, expiration), and passport numbers. The information is accessible to third-party websites, advertisers, and analytics companies.
The obvious questions are how? and why? The personal data being leaked stems mainly from the way in which hotels send confirmation emails. They typically include a reference code, which links to all the booking information and doesn’t require a login to access. A quarter of the hotel websites also aren’t encrypting the link, making it much easier to intercept and access the information.
According to Symantec, that reference can be shared with over 30 different service providers, “including social networks, search engines and advertising and analytics services.” From the hotel’s point of view, sharing the information with the customer in this way is simple and easy to do, but it clearly overlooks the security threat being posed.
Candid Wueest, principal threat researcher at Symantec, explained, “While it’s no secret that advertisers are tracking users’ browsing habits, in this case, the information shared could allow these third-party services to log into a reservation, view personal details and even cancel the booking altogether.”
If the ease with which personal information is being shared isn’t worrying enough, the hotel responses to this review should set alarm bells ringing. Symantec contacted all of them, with the average response time by a hotel data privacy officer taking 10 days. However, 25 percent did not reply within six weeks of contact. One common response seems to be they are, “still updating their systems to be fully GDPR-compliant.”
Back in November, it was discovered that the personal details of 500 million guests at Marriott International hotels had been exposed in a database hack. Symantec did not include Marriott hotels in the review, reinforcing the fact this seems to be an industry-wide problem.
This article originally published at PCMag
here
-
Entertainment7 days ago
NASA discovered bacteria that wouldn’t die. Now it’s boosting sunscreen.
-
Business7 days ago
Tesla drops prices, Meta confirms Llama 3 release, and Apple allows emulators in the App Store
-
Business6 days ago
TechCrunch Mobility: Cruise robotaxis return and Ford’s BlueCruise comes under scrutiny
-
Entertainment6 days ago
‘The Sympathizer’ review: Park Chan-wook’s Vietnam War spy thriller is TV magic
-
Business4 days ago
Tesla layoffs hit high performers, some departments slashed, sources say
-
Business5 days ago
Meta to close Threads in Turkey to comply with injunction prohibiting data-sharing with Instagram
-
Entertainment4 days ago
ChatGPT vs. Gemini: Which AI chatbot won our 5-round match?
-
Business3 days ago
Former top SpaceX exec Tom Ochinero sets up new VC firm, filings reveal