TripAdvisor Warns Customers of Data Breach

Author: Dennis Fisher
minute read

TripAdvisor, the popular travel-planning site, is warning customers that some portion of the company’s customer email database was stolen recently by attackers. The company is not saying how many customers are affected or how the breach occurred.

TripAdvisor, the popular travel-planning site, is warning customers that some portion of the company’s customer email database was stolen recently by attackers. The company is not saying how many customers are affected or how the breach occurred.

TripAdvisor posted a message on its site warning customers about the attack, but offering little in the way of details on what actually happened.

“We discovered that an unauthorized third party has recently stolen part
of TripAdvisor’s member email list. We’re taking this incident very
seriously. We’ve identified the vulnerability, shut it down and are
vigorously pursuing the matter with law enforcement. We sincerely
apologize for this inconvenience,” the company said in its statement.

“The portion of our membership that was impacted may receive some
unsolicited emails (SPAM) as a result. No passwords were taken, and any
and all password information is secure. TripAdvisor does not collect
members’ credit card or financial information, and we never sell or rent
our member list.”

TripAdvisor is a site that helps users plan and book travel, including flights, hotel rooms and rental cars. And it’s mainly known among users for its reviews and advice from other travellers.

The theft of email addresses is not the most serious of data breaches, but many people tend to use their email addresses as usernames or login names on other sites. So the addresses themselves have some value, aside from their utility as spam targets, but if the attackers were not able to get the passwords associated with those accounts or other identifying information, then the addresses aren’t as valuable as they would otherwise be.

TripAdvisor said that customers whose email addresses were taken could expect to see more spam in the coming days.

“While we’re still investigating the details, we’ve identified the
vulnerability, shut it down and are vigorously pursuing the matter with
law enforcement. We are also are implementing additional security
precautions to help prevent another incident in the future,” the company said.

Suggested articles

Cybersecurity for your growing business
Cybersecurity for your growing business

Topics

Show all

Authors

Threatpost

InfoSec Insider

Infosec Insider Post

Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.

Sponsored

Sponsored Content

Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.