Symantec believes two out of three hotels leak guest personal data

The cybersecurity pioneer Symantec Corp has released new research which says that two out of three hotel websites inadvertently leak customer details. People at Symantec believe that many third party sites, advertisers, and analytics companies make use of such data.

The study by the security firm looked into more than 1,500 hotel websites in 54 countries. The study also included two-star to five-star properties. The study’s revelation is shocking considering the massive Mariott data leak which happened not too long ago. But the multinational hotel franchise was not included in the study.

Symantec in its published report said that personal details like names, email addresses, credit card details, and passport numbers get leaked from such websites and are utilized by the cybercriminals to “influence” business professionals and government employees.

The lead researcher of the study, Candid Wueest told: “While it’s no secret that advertisers are tracking users’ browsing habits, in this case, the information shared could allow these third-party services to log into a reservation, view personal details and even cancel the booking altogether.”

The detailed report has also pointed out that most of these compromises happen when a hotel site sends a confirmation email to the customer which has the booking information. The cybersecurity firm even tried informing the affected hotels but got a poor response. Among those who did respond, the average time of response was 10 days.