A study of more than 1,500 hotels in 54 countries found that 67 percent of their websites leak booking reference codes to third-party partners, allowing them to potentially access guests' booking details and personal information.
Such access could even enable the third parties to cancel individuals' reservations if they so desired, according to Symantec Principal Threat Researcher Candid Wueest, who conducted the study and revealed his findings in a company blog post this week.
Wueest says he reached out to the offending hospitality providers to inform them of his discoveries. Despite the possibility that these hotels are violating Europe's GDPR policies, 25 percent of the hotels' data privacy officers did not reply within a six-week response period, Wueest reports. Those that replied reportedly took an average of 10 days to respond – and while some committed to making changes, others contended the shared data wasn't personal or must be shared with ad companies.
Please register to continue.
Already registered? Log in.
Once you register, you'll receive:
The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.
Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.
SC Media’s essential morning briefing for cybersecurity professionals.
One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.