This article was published on March 24, 2011

Tripadvisor warns users after “portion” of 20 million customer emails stolen


Tripadvisor warns users after “portion” of 20 million customer emails stolen

Travel review website Tripadvisor has today issued a warning to its 20 million registered users after it emerged attackers had compromised the company’s member list and stolen a number of email addresses registered with the site.

The company created a dedicated webpage to highlight the attack, explaining that although email addresses were stolen, passwords and other sensitive information were not compromised. It warned members that they could expect to receive unsolicited spam emails but has not commented on how addresses were stolen or how many people it will affect:

What happened?

We discovered that an unauthorized third party has recently stolen part of TripAdvisor’s member email list. We’re taking this incident very seriously. We’ve identified the vulnerability, shut it down and are vigorously pursuing the matter with law enforcement. We sincerely apologize for this inconvenience.

How does this impact those who were affected?

The portion of our membership that was impacted may receive some unsolicited emails (SPAM) as a result. No passwords were taken, and any and all password information is secure. TripAdvisor does not collect members’ credit card or financial information, and we never sell or rent our member list.

Tripadvisor notes that it has identified the vulnerability, shutting it down to ensure no further email addresses are stolen. The company has contacted the authorities and has implemented a number of security precautions to stop the same happening in the future.

If you have registered with Tripadvisor and are worried that you may receive SPAM in the near future, make sure you do not open any messages from people you do not trust, ignoring emails that appear suspicious. Also make sure you do not give out any personal information, should it be requested of you.

It is possible that accounts included in the compromise may receive email messages from people posing as Tripadvisor, asking you to verify your details via email. Be on your guard and always make sure any websites you visit from the email resolve to the official Tripadvisor.com website.

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with