A study by US based software company, Symantec, has revealed the shortcomings in online hotel bookings, and how it is compromising sensitive data
Nowadays one can choose to avail almost any service over the internet. While that is highly convenient, it means that consumers are required to enter sensitive information on to these portals, and while most websites have counter measures in place to avoid data breaches, they are not exactly air tight in nature. A new study by US based software giants, Symantec, has uncovered some disturbing information about such data breaches. The study found that 67% of all hotel booking sites, either operated by the hotel themselves, or by a third party member, were prone to leaking sensitive information about the customers.
Over 1,500 hotels were taken into consideration for the study, ranging from modest 2 star establishments, to 5 star hotel chains as well. Candid Wueest, the lead researcher on the study, investigated the sites of a number of hotels across 54 countries, and he found that these sites were unknowingly leaking information to advertisers and other third party sites. The main loophole was found to be with the confirmation e-mails, as the links were not properly encrypted, which made user information vulnerable, when they re-accessed the sites through other mediums.
As soon as an attacker gets access to a booking code and e-mail address, both of which are visible in the confirmation link, the hacker can gain easy access to information such as the customer’s name, address, phone number, passport number and other equally sensitive factors. “Scammers could also use data gathered this way to send convincing personalized spam or carry out other social engineering attacks. Supplying personal information could boost the credibility of extortion mails, like the ones that claim you have been hacked.” Wueest wrote on a blogpost for Symantec on April 9, 2019.