Data breach affects Irish users of global hotel website

Irish customers were among those who had data stolen by hackers on one of the world’s most popular hotel booking sites, Hotels.com, the company has confirmed.

The website has sent compromised customers an email advising that their username, password, email address, and the last four digits of stored credit card numbers were potentially stolen last month.

The Texas-headquartered company has hundreds of thousands of hotels on its books around the world and is part of the Expedia organisation, along with similar sites such as Trivago and Hotwire. It includes independent and major chain hotels as well as bed and breakfasts and resorts.

There is no breakdown so far of how many customers were affected but a spokesperson for Hotels.com confirmed data was compromised between May 22 and 29 and that it was engaging with customers worldwide, including Ireland.

The company said it could assure customers that full credit card information was not compromised on its website.

Irish cybersecurity experts warned that such breaches of customer data were now a fact of life online and urged people to take password security more seriously.

Director of cybersecurity services at PwC, Leonard McAuliffe, said industry online was “under constant attack” from hackers looking for databases of names, addresses, passwords, and other lucrative information.

“Depending on the type of information they can access, the value goes up,” said Mr McAuliffe.

“That means a scale of names and addresses, to usernames and passwords, to credit card details and the three-digit security code on the back of a credit card. They can sell on those databases on what is known as the Darknet, or they can monetise the details themselves. It is very lucrative.”

Mr McAuliffe said an even more sophisticated scam pattern was emerging, with emails purporting to be a company telling users their details were hacked and that they should change passwords. If there is a clickable link within such an email, users should avoid it, he said.

“Do not click on the links within those emails as they could be fake to lure people in,” said Mr McAuliffe. “They might very well be legitimate but why take the chance? We advise that if you are to change your password, do so on the actual official website or app, and not through a link in an email. It’s always better to be safe than sorry.”

Mr McAuliffe said that security measures such as two-step verification — where a user needs to enter an extra code sent to a phone to verify log-in details — was very efficient in preventing data theft. Biometric verification, which is verification by a body part such as a fingerprint, was also proving very successful, he added.

“Usernames and passwords are just not good enough any more and companies and customers have to get used to that,” said Mr McAuliffe.

CEO of Cork-based IT company Smarttech, Ronan Murphy said “password hygiene” was effective in preventing data being stolen.

“That means changing your passwords regularly, not using the same passwords for every site, using symbols and numbers, etc,” said Mr Murphy.


Lifestyle

Who hasn’t dreamt of cutting ties with the nine-to-five and living off-the-grid?The great escape: What's life like off the grid?

Jazz in Europe these days exists in a highly networked environment of cultural and political bodies, festivals, promoters, musicians and educators.Jazz Connective Festival: Intriguing, exciting and uncompromising

It will be bittersweet for Stormzy that his second album arrives the day the British Labour party was confirmed as suffering a historic general election trouncing.Album review: Stormzy remains a work in progress

Unique drawings by Quentin Blake, one of Britain’s best-loved illustrators, are available at a Christie’s online auction which runs until December 17.Your chance to buy drawings by Roald Dahl illustrator Quentin Blake

More From The Irish Examiner