27 Sep 2007
A glitch on the web site of hotel chain Travelodge led to names, addresses and parts of credit card numbers being accessible to other customers.
One affected site user claimed thousands of records could have been exposed. But Travelodge said that only a small proportion could have been accessed in the time that it took to fix the fault.
A customer discovered the problem by clicking on the link in a booking confirmation email and changing the booking number. The result was access to other customers’ orders showing their name, postal address and the last four digits of the credit card number.
“It appeared my booking information was accessible to anyone on the internet, and I could access others’ details,” the customer told Computing.
The customer was able to access 19 other people’s information in the same way. And a hacking program, designed to test how many records could be viewed, gave an estimated answer of thousands.
Travelodge said that the glitch, which happened in June this year, existed for less than a day, and blamed unfortunate coincidence for its discovery by a customer.
The problem was caused by the installation of new software and the hotel chain was already aware of the flaw when it was reported by the customer.
“By definition the short incursion into the site would allow time only for a minuscule proportion of our data to be obtained,” said a Travelodge statement.
Security breaches requiring little technical expertise to find them are a growing trend.
In May, the Foreign Office shut an online application system run by visa service VFS Global. And the Department of Health is investigating a breach in the government’s Medical Training Application Service web site that exposed doctors’ personal details.
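The booking-link flaw described above, where changing the booking number in an emailed link returned another customer's order, is shown here as an added example; it is not Travelodge's code. The data, key, and function names are all constructed for illustration. The weak lookup trusts the number alone, while the hardened lookup requires a keyed token that was issued for that specific booking.

```python
import hashlib
import hmac

# Constructed sample data: booking number -> record (all values invented).
BOOKINGS = {
    1001: {"name": "A. Example", "address": "1 Sample Street", "card_last4": "1111"},
    1002: {"name": "B. Example", "address": "2 Sample Street", "card_last4": "2222"},
}

# Hypothetical server-side secret; in practice loaded from a secrets store.
LINK_KEY = b"constructed-demo-key-not-for-production"


def link_token(booking_no: int) -> str:
    """Keyed MAC over the booking number, embedded in the emailed link."""
    return hmac.new(LINK_KEY, str(booking_no).encode(), hashlib.sha256).hexdigest()


def confirmation_link(booking_no: int) -> str:
    """Query string placed in the confirmation email (hypothetical format)."""
    return f"booking={booking_no}&token={link_token(booking_no)}"


def lookup_unchecked(booking_no: int):
    """Weak pattern: the booking number alone selects the record."""
    return BOOKINGS.get(booking_no)


def lookup_checked(booking_no: int, token: str):
    """Hardened pattern: return the record only if the token matches it."""
    expected = link_token(booking_no).encode()
    # Constant-time comparison; encoding first also tolerates non-ASCII input.
    if not hmac.compare_digest(expected, token.encode()):
        return None  # same answer for a bad token and an unknown booking
    return BOOKINGS.get(booking_no)
```

A token issued for booking 1001 fails verification when the number in the link is changed to 1002, so editing the number no longer selects someone else's record.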
How is it that new software can be deployed without being tested to identify such issues? Or was it deployed in spite of the fact that the fault was known about, as it appears to have been identified and fixed in 'less than a day'? This sort of incident only encourages the type of scare story beloved of the popular press which puts many people off using the internet for commercial transactions. IT needs to get its house in order if it is to show that it is a genuine profession contributing seriously to the nation's economy.
Posted by: Andrew Fuller 27 Sep 2007