A recent study conducted by security group Symantec finds nearly 70 percent of hotel websites across the globe leak guests’ personal information…
When someone books a hotel room, information contained in the confirmation email might leak out. A new study by security firm Symantec discovers thousands of hotels are unwittingly leaking guest’s personal information.
Study Finds almost 70 Percent of Hotel Websites Leak Guests’ Personal Data
Symantec studied over 1,500 hotels across 54 countries in the U.S., Canada, and some in the E.U. Despite the E.U.’s strict GDPR protections, personal data remained at-risk.
The main issue lies within confirmation emails, which usually contain a link to separate websites. Often, the link includes the booking code and the guest’s email in the URL. Although that in itself is somewhat innocuous, it does pose a real risk.
Since hotels often share information with third-parties, that small string of information can be exploited.
With a guest booking code and email at-hand, it’s easy to find his or her full name, cell phone number, physical address, passport information, and more.
Increasing the risk is the fact that some hotels do not encrypt their links.
Symantec contacted the hotels with the flaws and the companies are taking steps to change their practices.
Symantec also looked at five different travel search engines and discovered similar flaws.