Technology
2 out of 3 hotels leak your personal details
Follow @https://twitter.com/PCMag
PCMag.com is a leading authority on technology, delivering Labs-based, independent reviews of the latest products and services. Our expert industry analysis and practical solutions help you make better buying decisions and get more from technology.
It turns out one of the riskiest things you can do for your personal data is book a hotel room. That’s the conclusion of Symantec after reviewing more than 1,500 hotel websites spread across 54 different countries.
As Reuters reports, the review carried out by Symantec discovered that two out of every three hotels will leak the booking details of guests. Those details include full names, email address, postal address, mobile number, credit card details (last four digits, card type, expiration), and passport numbers. The information is accessible to third-party websites, advertisers, and analytics companies.
The obvious questions are how? and why? The personal data being leaked stems mainly from the way in which hotels send confirmation emails. They typically include a reference code, which links to all the booking information and doesn’t require a login to access. A quarter of the hotel websites also aren’t encrypting the link, making it much easier to intercept and access the information.
According to Symantec, that reference can be shared with over 30 different service providers, “including social networks, search engines and advertising and analytics services.” From the hotel’s point of view, sharing the information with the customer in this way is simple and easy to do, but it clearly overlooks the security threat being posed.
Candid Wueest, principal threat researcher at Symantec, explained, “While it’s no secret that advertisers are tracking users’ browsing habits, in this case, the information shared could allow these third-party services to log into a reservation, view personal details and even cancel the booking altogether.”
If the ease with which personal information is being shared isn’t worrying enough, the hotel responses to this review should set alarm bells ringing. Symantec contacted all of them, with the average response time by a hotel data privacy officer taking 10 days. However, 25 percent did not reply within six weeks of contact. One common response seems to be they are, “still updating their systems to be fully GDPR-compliant.”
Back in November, it was discovered that the personal details of 500 million guests at Marriott International hotels had been exposed in a database hack. Symantec did not include Marriott hotels in the review, reinforcing the fact this seems to be an industry-wide problem.
This article originally published at PCMag
here
-
Entertainment7 days ago
OpenAI’s plan to make ChatGPT the ‘everything app’ has never been more clear
-
Entertainment6 days ago
‘The Last Showgirl’ review: Pamela Anderson leads a shattering ensemble as an aging burlesque entertainer
-
Entertainment7 days ago
How to watch NFL Christmas Gameday and Beyoncé halftime
-
Entertainment5 days ago
Polyamorous influencer breakups: What happens when hypervisible relationships end
-
Entertainment5 days ago
‘The Room Next Door’ review: Tilda Swinton and Julianne Moore are magnificent
-
Entertainment4 days ago
‘The Wild Robot’ and ‘Flow’ are quietly revolutionary climate change films
-
Entertainment4 days ago
Mars is littered with junk. Historians want to save it.
-
Entertainment4 days ago
CES 2025 preview: What to expect