TripAdvisor admitted today that hackers had infiltrated its servers and managed to steal user emails. According to the big-name travel website, only emails were stolen, but all passwords and other member information are safe. Therefore, the only damage done to users will be extra spam, phishing schemes, or anything else the evildoers came come up with to aggravate TripAdvisor members.
“We’ve confirmed the source of the vulnerability and shut it down. We’re taking this incident very seriously and are actively pursuing the matter with law enforcement,” TripAdvisor explained in its email to customers.
According to Sophos, the security site that broke the story, many users freely hand out their email addresses anyway, so their email addresses were not exactly private from the beginning. As for those who expected their emails to never be used for third-party marketing, welcome to the world of web security.
Aside from the email theft, TripAdvisor said that the hackers may have stolen valuable trade secrets from the company’s website. The entire incident is undoubtedly embarrassing for a company that conducts business on the web, but members should at least give TripAdvisor credit for coming clean about the attack rather than trying to bury it.
Unlike many other web-based businesses, TripAdvisor did not sell the users’ email addresses to a third-party marketing company, but the damage done is just as bad – maybe even worse if the most awful types of individuals get a hold of the email addresses.
“The reason we are going directly to you with this news is that we think it’s the right thing to do,” the letter to members continues, “…Unfortunately, this sort of data theft is becoming more common across many industries, and we take it extremely seriously.”
That is not exactly comforting, considering people often trust their detailed travel plans with online sites. It is almost like saying there is nothing that can be done to stop it, something to consider in the future.