Your hotel check-in confirmation could be putting you at risk

[InfoSec News <alerts () infosecnews org>]

https://www.cnet.com/news/your-hotel-check-in-confirmation-could-be-putting-you-at-risk/

By Alfred Ng
CNET News
April 10, 2019

When your hotel automatically emails you your booking information, there's a 
good chance that you're not the only person with access to those documents.

Symantec, a security company, found flaws on hundreds of hotel websites, which 
were leaking sensitive information like names, phone numbers, passport numbers 
and addresses in confirmation emails.

Candid Wueest, a threat researcher at Symantec, said he looked at more than 
1,500 hotel websites in 54 countries and found the issues among two-thirds of 
them.

Hotels are a primary target for cyberattacks, as they hold treasure troves of 
data on guests during vacation season. They are frequently hacked, as 
cyberattacks on Sheraton, Westin, Starwood, Marriott and Wyndham hotels over 
the last few years show. Last November, Marriott disclosed that hackers had 
stolen records from up to 383 million guests in one of the largest personal 
data breaches in history.

[...]



--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_