Posted: Apr 15, 2019
Poor security practices and the presence of a large number of third-party tracking services on their websites mean that as many as two thirds of hotels around the world could leak sensitive personal data of their customers, Symantec has discovered.
The personal data exposed in this way ranges from customers' names, postal and email addresses, phone numbers, and the last four digits of their credit cards, including card type and expiration date, to passport numbers, ZDNet is reporting, citing the security blog post.
The vulnerability exists because the hotels' booking websites send unencrypted links to customers and leak credentials as URL arguments. Those arguments then become available to third-party services, allowing them to view personal data, log into reservations, or cancel them, harming either the travelers or the establishments' reputation.
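A site owner can audit their own confirmation links for the two weaknesses described above. The following is an added example, not code from Symantec or the original article; the parameter names, hostnames and sample URLs are constructed, and it assumes the exposure path is third-party resources embedded on the reservation page.

```python
from urllib.parse import urlsplit, parse_qsl

# Assumption: query parameter names that typically carry booking credentials or PII.
SENSITIVE_KEYS = {"ref", "bookingref", "confirmation", "email", "lastname", "pin", "token"}

def site(hostname):
    # Simplification: last two labels. A production check needs the Public Suffix List.
    return ".".join(hostname.split(".")[-2:])

def audit_booking_link(link, embedded_resources):
    """Report how a booking link exposes credentials carried in its URL arguments."""
    url = urlsplit(link)
    host = (url.hostname or "").lower()
    params = parse_qsl(url.query, keep_blank_values=True)
    exposed = sorted({k for k, _ in params if k.lower() in SENSITIVE_KEYS})
    # Hosts outside the hotel's own site that are loaded by the reservation page.
    resource_hosts = ((urlsplit(r).hostname or "").lower() for r in embedded_resources)
    third_parties = sorted({h for h in resource_hosts if h and site(h) != site(host)})
    findings = []
    if url.scheme != "https":
        findings.append("link is not HTTPS: the full URL is readable on the network path")
    if exposed:
        findings.append("credentials in URL arguments: " + ", ".join(exposed))
        if third_parties:
            findings.append("third parties loaded on that page: " + ", ".join(third_parties))
    return {"exposed_params": exposed, "third_parties": third_parties, "findings": findings}

# Constructed sample data (not taken from any real hotel site).
SAMPLE_LINK = "http://booking.hotel.example/retrieve?ref=ABC123&email=guest%40mail.example&lang=en"
SAMPLE_RESOURCES = [
    "https://static.hotel.example/app.js",       # first-party asset
    "https://cdn.ads.example/pixel.gif",         # third-party tracker
    "https://metrics.analytics.example/t.js",    # third-party analytics
]
# Corrected form: HTTPS, no credentials in the URL (the guest authenticates after landing).
HARDENED_LINK = "https://booking.hotel.example/retrieve"

if __name__ == "__main__":
    for link in (SAMPLE_LINK, HARDENED_LINK):
        report = audit_booking_link(link, SAMPLE_RESOURCES)
        print(link)
        for finding in report["findings"] or ["no findings"]:
            print("  -", finding)
```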
The issue is all the more grave as it has been discovered nearly one year after the EU's General Data Protection Regulation (GDPR), designed to counter precisely such scenarios, came into force. This highlights once again that companies are either struggling with implementation or not trying hard enough.
Symantec observed that while customers can check if links sent to them are encrypted – “for the average hotel guest, spotting such leaks may not be an easy task, and they may not have much choice if they want to book a specific hotel.”
Recently, IP and tech lawyer, Annemarie Bridy, posted on Twitter:
It seems that travel companies are moving towards more tracking at a time when it's getting scrutinized more than ever.
By Dee Rankovic
April 14, 2019