BreachExchange mailing list archives
Portion of TripAdvisor Member Email List Hacked, Stolen
From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Thu, 24 Mar 2011 16:44:07 -0400
http://www.pcmag.com/article2/0,2817,2382543,00.asp Travel site TripAdvisor on Thursday said that a portion of its member e-mail list had been stolen, though member passwords were not compromised. "We've confirmed the source of the vulnerability and shut it down," Steve Kaufer, co-founder and CEO of TripAdvisor, said in an e-mail to users. "We're taking this incident very seriously and are actively pursuing the matter with law enforcement." Kaufer said only a "portion" of its e-mail addresses were taken, and most users will not be affected. "You may receive some unsolicited emails (spam) as a result of this incident," he wrote. Kaufer said he is reaching out to users because "we think it's the right thing to do." He said that the site does not collect credit card or financial information, or sell or rent its member list. "We will continue to take all appropriate measures to keep your personal information secure at TripAdvisor," he wrote. "I sincerely apologize for this incident and appreciate your membership in our travel community." The news comes the same day that potential TripAdvisor rival Gogobot announced plans to integrate with Expedia, Kayak, Hotels.com, Orbitz, and Priceline so that users can directly book flights and hotels on the site. In September, TripAdvisor launched SniqueAway.com, a site that combines the company's highly-reviewed hotels with special deals on those properties. -------------------------------------------------------- More details here: http://www.tripadvisor.com/vpages/more_information.html What happened? We discovered that an unauthorized third party has recently stolen part of TripAdvisor's member email list. We're taking this incident very seriously. We've identified the vulnerability, shut it down and are vigorously pursuing the matter with law enforcement. We sincerely apologize for this inconvenience. How does this impact those who were affected? The portion of our membership that was impacted may receive some unsolicited emails (SPAM) as a result. No passwords were taken, and any and all password information is secure. TripAdvisor does not collect members' credit card or financial information, and we never sell or rent our member list. How many members were impacted? It affected a portion of our membership. When did it happen? We're still investigating the details. What is TripAdvisor doing about this? While we're still investigating the details, we've identified the vulnerability, shut it down and are vigorously pursuing the matter with law enforcement. We are also are implementing additional security precautions to help prevent another incident in the future. _______________________________________________ Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Learn encryption strategies that manage risk and shore up compliance. Download Article 1 of CREDANT Technologies' The Essentials Series: Endpoint Data Encryption That Actually Works http://credant.com/campaigns/realtime2/gap-LP1/
Current thread:
- Portion of TripAdvisor Member Email List Hacked, Stolen Jake Kouns (Mar 24)