TripAdvisor Member Emails Stolen by Hacker

Friday, March 25, 2011

Headlines

69dafe8b58066478aea48f3d0f384820

Online travel company TripAdvisor alerted members that their website had been hacked last weekend, and that some customer's email addresses had been stolen.

The company assured clients that no passwords or billing information had been accessed in the breach.

"This is the second time a well known website has been breached this week – just a few days ago it was Play.com with egg on its face, now it’s TripAdvisor. It’s the regularity of these types of incident that suggest traditional approaches to IT security are no longer fit for purpose," said LogRhythm's Ross Brewer.

TripAdvisor sent customers the following email on the data loss event:

tripadvisor-trip-advisor-email-hack

Since the data accessed in the breach is limited to email addresses, some customers can probably expect an increase in the amount of span email they receive.

Affected embers of TripAdvisor should also be wary of any attempts by spammers to elicit other sensitive information in email phishing campaigns, and they should exercise caution when they receive any emails with attachments that could possibly contain malware.

As for companies faced with persistent threats to client and corporate data from hackers seeking unauthorized access, Brewer recommends shoring up security with integrated solutions.

“In addition to the traditional perimeter defences organisations typically deploy, organisations also need to adopt tools that enable them to monitor their extended IT infrastructures on a continual basis. Integrated log management and security information event management (SIEM) solutions allow companies to spot any suspicious activity as soon as it happens, acting as a vital safety net when perimeter solutions fail," Brewer advises.

Possibly Related Articles:
10717
Breaches
Email Access Control Headlines Hacker breach TripAdvisor
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.