Hack attack: Confirmation mails from hotels may leak your phone numbers, email IDs
Hotels are the most vulnerable to hack attacks.
- Tricked by tech: Hackers show how a Tesla Model S can be forced into the wrong lane
- Security at stake, again! Serial hacker returns, steals data of 26 mn users
- After leaking data of 750 mn users, hacker now puts 93 mn more users' info on sale
- Nobody's safe? Jeff Bezos's case shows even billionaires vulnerable to hackers
Security company Symantec found flaws in the websites of hundreds of hotel, which were leaking sensitive information including names, phone numbers, passport numbers, and addresses in confirmation e-mails, Cnet reports.
Hotels are the most vulnerable to hack attacks as they have a trove of information through guest check-ins. The researchers found two-thirds of over 1,500 hotel websites in 54 countries with issues in their websites.
One of the issues stems from the URL, which is sent to the guests in emails. These URLs also contain the booking number.
The vulnerable websites have advertisers and third-party analytics tools embedded on the pages who also get the URL.
All that a potential attacker needs to do is enter the reservation number and gather all the personal information tied to it.
The researchers recommend hotels to stop information in the URL and start implementing authentication measures on confirmation pages.