BreachExchange mailing list archives

Portion of TripAdvisor Member Email List Hacked, Stolen


From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Thu, 24 Mar 2011 16:44:07 -0400

http://www.pcmag.com/article2/0,2817,2382543,00.asp

Travel site TripAdvisor on Thursday said that a portion of its member
e-mail list had been stolen, though member passwords were not
compromised.

"We've confirmed the source of the vulnerability and shut it down,"
Steve Kaufer, co-founder and CEO of TripAdvisor, said in an e-mail to
users. "We're taking this incident very seriously and are actively
pursuing the matter with law enforcement."

Kaufer said only a "portion" of its e-mail addresses were taken, and
most users will not be affected. "You may receive some unsolicited
emails (spam) as a result of this incident," he wrote.

Kaufer said he is reaching out to users because "we think it's the
right thing to do." He said that the site does not collect credit card
or financial information, or sell or rent its member list.

"We will continue to take all appropriate measures to keep your
personal information secure at TripAdvisor," he wrote. "I sincerely
apologize for this incident and appreciate your membership in our
travel community."

The news comes the same day that potential TripAdvisor rival Gogobot
announced plans to integrate with Expedia, Kayak, Hotels.com, Orbitz,
and Priceline so that users can directly book flights and hotels on
the site.

In September, TripAdvisor launched SniqueAway.com, a site that
combines the company's highly-reviewed hotels with special deals on
those properties.

--------------------------------------------------------

More details here:

http://www.tripadvisor.com/vpages/more_information.html

What happened?
We discovered that an unauthorized third party has recently stolen
part of TripAdvisor's member email list. We're taking this incident
very seriously. We've identified the vulnerability, shut it down and
are vigorously pursuing the matter with law enforcement. We sincerely
apologize for this inconvenience.

How does this impact those who were affected?
The portion of our membership that was impacted may receive some
unsolicited emails (SPAM) as a result. No passwords were taken, and
any and all password information is secure. TripAdvisor does not
collect members' credit card or financial information, and we never
sell or rent our member list.

How many members were impacted?
It affected a portion of our membership.

When did it happen?
We're still investigating the details.

What is TripAdvisor doing about this?
While we're still investigating the details, we've identified the
vulnerability, shut it down and are vigorously pursuing the matter
with law enforcement. We are also implementing additional security
precautions to help prevent another incident in the future.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list
