Beware! Your hotel confirmation e-mails are vulnerable to misuse
Hotels are the most vulnerable to hack attacks as they have a trove of information through guest check-ins.
Hotels across the globe send you e-mails upon booking confirmation. However, your next stay with them is not safe from the prying eyes of third-parties.
Security company Symantec found flaws in the websites of hundreds of hotel, which were leaking sensitive information including names, phone numbers, passport numbers, and addresses in confirmation e-mails, Cnet reports.
Hotels are the most vulnerable to hack attacks as they have a trove of information through guest check-ins. The researchers found two-thirds of over 1,500 hotel websites in 54 countries with issues in their websites.
One of the issues stems from the URL, which is sent to the guests in emails. These URLs also contain the booking number.
The vulnerable websites have advertisers and third-party analytics tools embedded on the pages who also get the URL.
All that a potential attacker needs to do is enter the reservation number and gather all the personal information tied to it.
The researchers recommend hotels to stop information in the URL and start implementing authentication measures on confirmation pages.