27 Sep 2007
A glitch on the web site of hotel chain Travelodge led to names, addresses and parts of credit card numbers being accessible to other customers.
One affected site user claimed thousands of records could have been exposed. But Travelodge said that only a small proportion could have been accessed in the time that it took to fix the fault.
A customer discovered the problem by clicking on the link in a booking confirmation email and changing the booking number. The result was access to other customers’ orders showing their name, postal address and the last four digits of the credit card number.
“It appeared my booking information was accessible to anyone on the internet, and I could access others’ details,” the customer told Computing.
The customer was able to access 19 other people’s information in the same way. A hacking program, designed to estimate how many records could be viewed, put the figure in the thousands.
Travelodge said that the glitch, which happened in June this year, existed for less than a day, and blamed unfortunate coincidence for its discovery by a customer.
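The flaw described above is a lookup that trusts the booking number in the link and nothing else. As an added example (not Travelodge's code or its actual fix, which the article does not describe), the Python below contrasts that lookup with one that binds each e-mailed link to its booking using an HMAC; the URL, parameter names, key and records are all constructed for illustration.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed sample records keyed by booking number (not real customer data).
BOOKINGS = {
    "1001": {"name": "A. Example", "address": "1 Sample St", "card_last4": "1111"},
    "1002": {"name": "B. Example", "address": "2 Sample St", "card_last4": "2222"},
}
BASE_URL = "https://hotel.example/booking"   # hypothetical endpoint
LINK_KEY = b"constructed-demo-key"           # assumption: kept in a secret store


def _param(url, name):
    """First value of a query parameter, or '' when it is absent."""
    return parse_qs(urlsplit(url).query).get(name, [""])[0]


def view_booking_vulnerable(url):
    """Flawed pattern: the booking number alone authorises the read."""
    return BOOKINGS.get(_param(url, "id"))


def link_token(booking_id):
    """MAC over the booking number; only the server can compute it."""
    return hmac.new(LINK_KEY, booking_id.encode(), hashlib.sha256).hexdigest()


def confirmation_link(booking_id):
    """Link placed in the confirmation e-mail for one specific booking."""
    return BASE_URL + "?" + urlencode({"id": booking_id, "t": link_token(booking_id)})


def view_booking_hardened(url):
    """Serve the record only if the token was issued for this booking number."""
    booking_id, token = _param(url, "id"), _param(url, "t")
    expected = link_token(booking_id)
    # Constant-time comparison on bytes; a missing token compares as ''.
    if not hmac.compare_digest(expected.encode(), token.encode()):
        return None  # same response for a bad token and an unknown booking
    return BOOKINGS.get(booking_id)
```

A per-booking token only proves possession of the e-mailed link; requiring the customer to log in and checking that the booking belongs to that account is the stronger control where accounts exist.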
The problem was caused by the installation of new software and the hotel chain was already aware of the flaw when it was reported by the customer.
“By definition the short incursion into the site would allow time only for a minuscule proportion of our data to be obtained,” said a Travelodge statement.
Security breaches that require little technical expertise to find are a growing trend.
In May, the Foreign Office shut an online application system run by visa service VFS Global. And the Department of Health is investigating a breach in the government’s Medical Training Application Service web site that exposed doctors’ personal details.
How is it that new software can be deployed without being tested to identify such issues? Or was it deployed in spite of the fact that the fault was known about, as it appears to have been identified and fixed in 'less than a day'? This sort of incident only encourages the type of scare story beloved of the popular press which puts many people off using the internet for commercial transactions. IT needs to get its house in order if it is to show that it is a genuine profession contributing seriously to the nation's economy.
Posted by: Andrew Fuller 27 Sep 2007