TripAdvisor Member Emails Stolen by Hacker

Friday, March 25, 2011



Online travel company TripAdvisor alerted members that their website had been hacked last weekend, and that some customer's email addresses had been stolen.

The company assured clients that no passwords or billing information had been accessed in the breach.

"This is the second time a well known website has been breached this week – just a few days ago it was with egg on its face, now it’s TripAdvisor. It’s the regularity of these types of incident that suggest traditional approaches to IT security are no longer fit for purpose," said LogRhythm's Ross Brewer.

TripAdvisor sent customers the following email on the data loss event:


Since the data accessed in the breach is limited to email addresses, some customers can probably expect an increase in the amount of span email they receive.

Affected embers of TripAdvisor should also be wary of any attempts by spammers to elicit other sensitive information in email phishing campaigns, and they should exercise caution when they receive any emails with attachments that could possibly contain malware.

As for companies faced with persistent threats to client and corporate data from hackers seeking unauthorized access, Brewer recommends shoring up security with integrated solutions.

“In addition to the traditional perimeter defences organisations typically deploy, organisations also need to adopt tools that enable them to monitor their extended IT infrastructures on a continual basis. Integrated log management and security information event management (SIEM) solutions allow companies to spot any suspicious activity as soon as it happens, acting as a vital safety net when perimeter solutions fail," Brewer advises.

Possibly Related Articles:
Email Access Control Headlines Hacker breach TripAdvisor
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.