Two out of three hotel websites inadvertently leak guests’ booking details and personal data to third-party sites, including advertisers and analytics companies, according to research by cybersecurity firm Symantec.
The study, that looked at more than 1,500 hotel websites in 54 countries that ranged from two-star to five-star properties, comes several months after Marriott International disclosed one of the worst data breaches in history. Marriott was not included in the study.
Compromised personal information includes full names, email addresses, credit card details and passport numbers of guests that could be used by cybercriminals who are increasingly interested in the movements of influential business professionals and government employees, Symantec said.
Researcher Candid Wueest said:
Compromises usually occur when a hotel site sends confirmation emails with a link that has direct booking information, the study found. The reference code attached to the link could be shared with more than 30 different service providers, including social networks, search engines and advertising and analytics services.