Symantec has announced the results of a new research that reveals flaws in the hotels’ sites. Many hotel websites leak the booking data and allow access to personal data.

Two thirds of them, explains Symantec, the websites that inadvertently scatter the details of guest bookings. The leaks expose data to third-party sites, including those of advertisers and analytics companies.

We are approaching the first anniversary of the entry into force of the Gdpr, Symantec stresses. And the results show how the implementation of the legislation has changed the way organizations manage data leak.

Hotel sites, data colobrode

Symantec experts have tested numerous websites, of over 1,500 hotels in 54 countries. The tested sites ranged from two-star country hotels to luxury five-star resorts on the beach. Some sites were part of large and renowned hotel chains.

Two out of three, or 67 percent, of these sites inadvertently allowed the leak of the reference codes of bookings on third-party sites. Everyone had a privacy policy, but none of them mentioned this behavior explicitly.

It is certainly not a secret, Symantec points out, that advertisers monitor users’ browsing habits. In this case, however, the information shared could allow these third-party services to access a booking. As well as view personal details and even cancel your reservation completely.

Some booking systems have behaved commendably, as they have revealed only a numerical value and the date of stay. They have therefore disclosed no personal information.

But most have allowed third parties access to personal data and sensitive information. From full name to email address, to credit card details and passport number.

Risks and potential threats

Hackers and targeted attack groups, Symantec points out, are increasingly interested in the movements of prominent professionals and government employees. Symantec itself has also recently highlighted this, with the threat of APT groups such as Whitefly.

With access to this data, hackers ensure the possibility of taking important information. Data that might enable them to target a target, know how much time it spends in a given place, and even get its position. This clearly has strong and worrying implications for high-profile individuals.

Perhaps, the company points out, the most surprising thing was the response of the hotels after Symantec provided them with information about the results. 25% of those responsible for privacy did not respond within five weeks. And those who responded, on average, took 10 days. Others have even admitted that they are still being upgraded to align with the Gdpr.

Overall, the results and responses of the hotels concerned indicate that there is still a long way to go before these facilities can be able to meet the standards set by the Gdpr. Meanwhile, it highlights with some concern Symantec, sensitive consumer data remain at risk.

More information and technical details on the research conducted by Symantec are available on this page of the company’s blog.

Leave a Reply

Your email address will not be published.

You May Also Like