Hotel booking website HotelHippo.com is facing an investigation by the Information Commissioners’ Office (ICO), following a website problem that allowed customer data to be easily extracted from the vulnerable website.
After initially being contacted by cybersecurity specialist Scott Helme on June 25, it seems the company refused to take action until contacted by BBC. The website was taken offline after the BBC contacted the HotelStayUK-contacted website
Helme was able to walk backwards using the sequential booking reference numbers, pulling customer data step-by-step.
If done properly, a customer’s name, home address, date, location and hotel stay duration could be retrieved – and a clever cybercriminal would be able to write a script to quickly pull all data from the Hotel Hippo website.
Here is what HotelHippo told the BBC:
“We confirm that we have taken down the HotelHippo.com website to take some urgent action to deal with a technical situation. Privacy of customer data is our prime concern, and we are committed to ensuring this safety.”
HotelHippo customers concerned about customer privacy can call them: 08446 646 000, or email info@hotelhippo.com.
Thank you to Scott Helme for providing us with this information
Image courtesy of Mr. Helme
Electronic Arts (EA) announced today that its games were played for over 11 billion hours…
Steam's annual end-of-year recap, Steam Replay, provides fascinating insights into gamer habits by comparing individual…
GSC GameWorld released a major title update for STALKER 2 this seeking, bringing the game…
Without any formal announcement, Intel appears to have revealed its new Core 200H series processors…
Ubisoft is not having the best of times, but despite recent flops, the company still…
If you haven’t started playing STALKER 2: Heart of Chornobyl yet, now might be the…