Two Out of Three Hotels Accidentally Leak Guests' Personal Data: Symantec

Two out of three hotel websites inadvertently leak guests' booking details and personal data to third-party sites, including advertisers and analytics companies, according to research released by Symantec on Wednesday. From a report: The study, which looked at more than 1,500 hotel websites in 54 countries that ranged from two-star to five-star properties, comes several months after Marriott International disclosed one of the worst data breaches in history. Symantec said Marriott was not included in the study. Compromised personal information includes full names, email addresses, credit card details and passport numbers of guests that could be used by cybercriminals who are increasingly interested in the movements of influential business professionals and government employees, Symantec said.

Re:Sorry

[flippy]

I think the point of the article was that the hotels weren't trying to share the information, they leaked it by accident.

Accidentally?

[DickBreath]

Do they make money from these accidental leaks of your data?

Re:Accidentally?

They don't make money but they save money by not investing into IT security. The punishment for leaked data is so low that the investment in better security is not worth it.

Re:Accidentally?

[ediron2]

Likely not *directly*. Accidental is an excuse claimed when someone shares data needed for reservations or other partner activities, and overshares. Direct and thus intentional would be 'hey, here are prospects for your tourism/rental service.' And like others have said, leaks are cheaper than plumbers right now.

Re:Sorry

[Dunbal]

I'd say I leaked it by accident too. Funny how it only got "accidentally" leaked to those who would most want it, though.

Re:Sorry

[DickBreath]

> You agreed to this when you made the reservation.

Wow! That magic mantra has unlimited power to allow you to do anything.

The hotel can sneak in the middle of the night and harvest your vital organs and sell them to China. After all, you agreed to it when you made the reservation.

It's not like you would have a case in court. After all, your vital organs, plus the money you paid are the consideration in exchange for your use of the room during your stay as a hotel guest.

It's not like you can claim irreparable harm in court, because money is always considered a way to repair damages. You can always go acquire new vital organs on the open market. It is not the hotel's fault if you didn't understand the terms and conditions of the contract.

I'm probably safe.

[Major_Disorder]

Since my "wife" and I always sign in as Mr. & Mrs. Smith.

Re:I'm probably safe.

[Major_Disorder]

I liked your movie.

You are the ONLY one.

Re:I'm probably safe.

[antdude]

Add me since I just watched it a few months ago and enjoyed it!

Re:I'm in the Ku Klux Klan

[DickBreath]

Look, Berkeley is NOT trying to shut down free speech.

All points of view must be respected and represented. Toward that end, some people's non politically correct point of view must be suppressed so that all points of view are represented.

Information needs to be toxic

[FeelGood314]

Companies should be scared to take your personal information and store it. They should hold the bare minimum information required to provide the service they are selling. When I developed commerce websites I never stores credit card information on my systems. Creating user accounts was a pain, you can't ask users to create a unique password for a site they use once a year. Any company that does is delusional.

Accident?!

Incompetence. Businesses demand all this information on us and they cannot be trusted with it. And why do they need it in the first place?
Ask them and you get some BS answer - meaning, they don't even know.

We need EU privacy regulations. Business is incapable of regulating themselves and they need to be put in line - and hefty fines if they violate them.

Low Expectations

[Livius]

When I saw the headline my first thought was they were saying it was good news that it was only two out of three and not any higher. Maybe I'm too cynical.

China is looking

[AHuxley]

for US agents who had contact with some of the highest-ranking officials outside China.
A lot of US agents went looking for China Communist party members around the world.
Offers to spy for the US got made to officials outside China.
Now China wants to see who from the USA was in the same hotels at the same time with Communist party members.

So the third

[rsilvergun]

did it on purpose, right?

Re:I'm in the Ku Klux Klan

[Livius]

I really hope that's irony but shocking number of people actually think like that.

Re:I'm in the Ku Klux Klan

[DickBreath]

We can not tolerate intolerant people. And I dislike biased people so much that I am highly biased against them.

Accidentally?

[shess]

How many ways can you make a reservation for an individual hotel? I'd guess about 700. Sometimes you can even go directly to the hotel's website to do it!

Likewise, when you use a site like Expedia to make a reservation, have you ever noticed how hard it pushes associated services? You're booking a flight, how about a hotel! How about a rental car! How about dining!

Spraying your data all over the ether is not an accident, it is literally how this industry makes their money. There's a huge collection of interconnected systems, and there's no bouncer saying "You have to be THIS secure to enter the club". In fact, it's the opposite, it's "Hey, I have a lead, here's someone's private information, can you give me a kickback?", and literally nobody cares about what you're doing with the information until someone determines that you're selling it to the mafia or leaving it in an exposed AWS bucket.

Accidentally.