Booking your holiday online? You may want to think twice after a study by tech security company Symantec revealed that two out of three hotel websites were leaking guests’ private details to third parties.
The study, which looked at more than 1,500 hotel websites in 54 countries that ranged from two-star to five-star properties, found that compromised personal information included full names, email addresses, credit card details, and passport numbers of guests.
Candid Wueest, the primary researcher on the study, said: “While it’s no secret that advertisers are tracking users’ browsing habits, in this case, the information shared could allow these third-party services to log into a reservation, view personal details and even cancel the booking altogether.”
The research showed compromises usually occurred when a hotel site sent confirmation emails with a link that has direct booking information. Researchers found examples where the reference code attached to the link was shared with as many as 30 different service providers, including social networks, search engines, and advertising and analytics services.
The researchers explain that when hotels were contacted about the breach, one in four didn’t even bother to respond, while the others took an average of ten days to reply, showing a lack of concern about the issue in the industry.