Two out of three hotels accidentally leak guests’ personal data: Symantec

FILE PHOTO - A hand is silhouetted in front of a computer screen in this picture illustration taken in Berlin May 21, 2013. REUTERS/Pawel Kopczynski

By Angela Moon

(Reuters) – Two out of three hotel websites inadvertently leak guests’ booking details and personal data to third-party sites, including advertisers and analytics companies, according to research released by Symantec Corp on Wednesday.

The study, which looked at more than 1,500 hotel websites in 54 countries that ranged from two-star to five-star properties, comes several months after Marriott International disclosed one of the worst data breaches in history.

Symantec said Marriott was not included in the study.

Compromised personal information includes full names, email addresses, credit card details and passport numbers of guests that could be used by cybercriminals who are increasingly interested in the movements of influential business professionals and government employees, Symantec said.

“While it’s no secret that advertisers are tracking users’ browsing habits, in this case, the information shared could allow these third-party services to log into a reservation, view personal details and even cancel the booking altogether,” said Candid Wueest, the primary researcher on the study.

The research showed compromises usually occur when a hotel site sends confirmation emails with a link that has direct booking information. The reference code attached to the link could be shared with more than 30 different service providers, including social networks, search engines and advertising and analytics services.

Wueest said 25 percent of data privacy officers at the affected hotel sites did not reply to Symantec within six weeks when notified of the issue, and those who did took an average of 10 days to respond.

“Some admitted that they are still updating their systems to be fully GDPR-compliant,” Wueest said, referring to Europe’s new privacy law, or the General Data Protection Regulation, which took effect about a year ago and has strict guidelines on how organizations should deal with data leakage.

(Reporting by Angela Moon; Editing by Dan Grebler)

Facebook says data leak hits 87 million users, widening privacy scandal

FILE PHOTO: Silhouettes of mobile users are seen next to a screen projection of Facebook logo in this picture illustration taken March 28, 2018. REUTERS/Dado Ruvic/Illustration/File photo

By David Ingram

 

By David Ingram

SAN FRANCISCO (Reuters) – Facebook Inc said on Wednesday the personal information of up to 87 million users, mostly in the United States, may have been improperly shared with political consultancy Cambridge Analytica, up from a previous news media estimate of more than 50 million.

Chief Executive Mark Zuckerberg said in a conference call with reporters that Facebook had not seen “any meaningful impact” on usage or ad sales since the scandal, although he added, “it’s not good” if people are unhappy with the company.

Shares rose more than 3 percent after the bell.

Zuckerberg told reporters that he accepted blame for the data leak, which has angered users, advertisers and lawmakers, while also saying he was still the right person to head the company he founded.

“When you’re building something like Facebook that is unprecedented in the world, there are going to be things that you mess up,” Zuckerberg said, adding that the important thing was to learn from mistakes.

He said he was not aware of any discussions on the Facebook board about him stepping down, although directors would face a challenge if they wanted to oust him because Zuckerberg is the controlling shareholder.

He said he had not fired anyone over the scandal and did not plan to. “I’m not looking to throw anyone else under the bus for mistakes that we made here,” he said.

Facebook first acknowledged last month that personal information about millions of users wrongly ended up in the hands of Cambridge Analytica.

Zuckerberg will testify about the matter next Tuesday and Wednesday during two U.S. congressional hearings.

London-based Cambridge Analytica, which has counted U.S. President Donald Trump’s 2016 campaign among its clients, disputed Facebook’s estimate of affected users. On Wednesday it said on Twitter it had received no more than 30 million records from a researcher it hired to collect data about people on Facebook.

Zuckerberg, on the call with reporters, said Facebook should have done more to audit and oversee third-party app developers like the one that Cambridge Analytica hired in 2014.

“Knowing what I know today, clearly we should have done more,” he said.

Facebook was taking steps to restrict which personal data is available to third-party app developers, he said, and it might take two more years to fix Facebook’s problems.

“We’re broadening our view of our responsibility,” Zuckerberg said.

Most of the up to 87 million people whose data was shared with Cambridge Analytica were in the United States, Facebook Chief Technology Officer  Mike Schroepfer wrote in a blog post.

Shares in Facebook closed down 0.6 percent on Wednesday to $155.10. They have tumbled more than 16 percent since the Cambridge Analytica scandal broke.

The previous estimate of more than 50 million Facebook users affected by the data leak came from two newspapers, the New York Times and London’s Observer, based on their investigations of Cambridge Analytica.

Zuckerberg said Facebook came to the higher estimate by looking at the number of people who had downloaded a personality quiz app created by Cambridge University academic Aleksandr Kogan, or about 270,000 people, and then adding in the number of friends they had.

Cambridge Analytica has said that it engaged Kogan “in good faith” to collect Facebook data in a manner similar to how other third-party app developers have harvested personal information.

The scandal has kicked off investigations by Britain’s Information Commissioner’s Office, Australia’s Privacy Commissioner and the U.S. Federal Trade Commission and by some 37 U.S. state attorneys general.

Nigeria’s government will investigate allegations of improper involvement by Cambridge Analytica in that country’s 2007 and 2015 elections, a presidency spokesman said on Monday.

(Reporting by David Ingram in San Francisco; Additional reporting by Arjun Panchadar in Bengaluru, Eric Auchard in London and Tom Westbrook in Sydney; Editing by Lisa Shumaker and Clarence Fernandez)