Two in Three Hotel Websites Leak Guest Booking Details

Symantec Threat Intelligence: Two in Three Hotel Websites Leak Guest Booking Details

Hospitality services’ websites may leak your booking details, allowing others to view your personal data or even cancel your reservation.

Based on an analysis of more than 1,500 hotels in 54 countries spread across five continents, Symantec discovered that two out of three hotel websites inadvertently leak guests’ booking details and personal data to third-party sites, including advertisers and analytics companies. With the one-year anniversary of the GDPR just next month, the findings call into question just how much the policy’s implementation has addressed the ways in which organisations handle data leakage.

Some reservation systems were commendable, as they only revealed a numerical value and the date of the stay and did not divulge any personal information. But the majority leaked personal data, such as:

• Full name
• Email address
• Postal address
• Mobile phone number
• Last four digits of credit card, card type, and expiration date
• Passport number

What are the risks?
The 2018 Norton LifeLock Cyber Safety Insights Report recently revealed consumers are concerned about their privacy (83 percent), but most say they accept certain risks to make life more convenient (61 percent).

Many individuals regularly share details of their travels by posting photos on social media networks. Some don't even bother blurring out the booking reference of their tickets. These individuals may not be too concerned about their privacy and may actually want their followers to know about their whereabouts.

An attacker might decide to cancel a reservation just for fun or as personal revenge, but it could also be to damage the reputation of a hotel as part of an extortion scheme or as an act of sabotage carried out by a competitor.

To read the full Threat Intelligence Report please go to https://www.symantec.com/blogs/threat-intelligence/hotel-websites-leak-guest-data

© Scoop Media