Names, addresses and last four digits of the credit card number could be viewed
A glitch on the web site of hotel chain Travelodge led to names, addresses and parts of credit card numbers being accessible to other customers.
One affected site user claimed thousands of records could have been exposed. But Travelodge said that only a small proportion could have been accessed in the time that it took to fix the fault.
A customer discovered the problem by clicking on the link in a booking confirmation email and changing the booking number. The result was access to other customers’ orders showing their name, postal address and the last four digits of the credit card number.
“It appeared my booking information was accessible to anyone on the internet, and I could access others’ details,” the customer told Computing.
The customer was able to access 19 other people’s information in the same way. And a hacking program, designed to see how many records it would be possible to see, gave an estimated answer of thousands.
Travelodge said that the glitch which happened in June this year existed for less than a day and blamed unfortunate coincidence for its discovery by a customer.
The problem was caused by the installation of new software and the hotel chain was already aware of the flaw when it was reported by the customer.
“By definition the short incursion into the site would allow time only for a minuscule proportion of our data to be obtained,” said a Travelodge statement.
Security breaches requiring little technical expertise to find them are a growing trend.
In May, the UK Foreign Office shut an online application system run by visa service VFS Global. And the Department of Health is investigating a breach in the British government’s Medical Training Application Service web site that exposed doctors’ personal details.
A glitch on the web site of hotel chain Travelodge led to names, addresses and parts of credit card numbers being accessible to other customers.
One affected site user claimed thousands of records could have been exposed. But Travelodge said that only a small proportion could have been accessed in the time that it took to fix the fault.
A customer discovered the problem by clicking on the link in a booking confirmation email and changing the booking number. The result was access to other customers’ orders showing their name, postal address and the last four digits of the credit card number.
“It appeared my booking information was accessible to anyone on the internet, and I could access others’ details,” the customer told Computing.
The customer was able to access 19 other people’s information in the same way. And a hacking program, designed to see how many records it would be possible to see, gave an estimated answer of thousands.
Travelodge said that the glitch which happened in June this year existed for less than a day and blamed unfortunate coincidence for its discovery by a customer.
The problem was caused by the installation of new software and the hotel chain was already aware of the flaw when it was reported by the customer.
“By definition the short incursion into the site would allow time only for a minuscule proportion of our data to be obtained,” said a Travelodge statement.
Security breaches requiring little technical expertise to find them are a growing trend.
In May, the UK Foreign Office shut an online application system run by visa service VFS Global. And the Department of Health is investigating a breach in the British government’s Medical Training Application Service web site that exposed doctors’ personal details.
Share this page
Email this page
Back to Top
Home
Edit Post
0 comments: