TripAdvisor Warns Customers of Data Breach

TripAdvisor, the popular travel-planning site, is warning customers that some portion of the company’s customer email database was stolen recently by attackers. The company is not saying how many customers are affected or how the breach occurred.

TripAdvisor, the popular travel-planning site, is warning customers that some portion of the company’s customer email database was stolen recently by attackers. The company is not saying how many customers are affected or how the breach occurred.

TripAdvisor posted a message on its site warning customers about the attack, but offering little in the way of details on what actually happened.

“We discovered that an unauthorized third party has recently stolen part
of TripAdvisor’s member email list. We’re taking this incident very
seriously. We’ve identified the vulnerability, shut it down and are
vigorously pursuing the matter with law enforcement. We sincerely
apologize for this inconvenience,” the company said in its statement.

“The portion of our membership that was impacted may receive some
unsolicited emails (SPAM) as a result. No passwords were taken, and any
and all password information is secure. TripAdvisor does not collect
members’ credit card or financial information, and we never sell or rent
our member list.”

TripAdvisor is a site that helps users plan and book travel, including flights, hotel rooms and rental cars. And it’s mainly known among users for its reviews and advice from other travellers.

The theft of email addresses is not the most serious of data breaches, but many people tend to use their email addresses as usernames or login names on other sites. So the addresses themselves have some value, aside from their utility as spam targets, but if the attackers were not able to get the passwords associated with those accounts or other identifying information, then the addresses aren’t as valuable as they would otherwise be.

TripAdvisor said that customers whose email addresses were taken could expect to see more spam in the coming days.

“While we’re still investigating the details, we’ve identified the
vulnerability, shut it down and are vigorously pursuing the matter with
law enforcement. We are also are implementing additional security
precautions to help prevent another incident in the future,” the company said.

Suggested articles

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.