FastBooking is alerting its client hotels that an attacker has exploited a web application hosted on its server to steal personal information and payment data from guests of hundreds of properties around the world. Ironically, the vulnerability came from an application intended to install malware.
The hacker attacked each hotel differently stealing booking-related details, such as physical and email addresses and check-in/check-out dates from some hotel operators and traveler credit card data, including name, number, and expiration date from others. In response to the data breach, FastBooking sent out templates to the hotels involved on how to inform guests of the attack.
Takeaways: This latest breach is a nightmare for all parties involved: the booking software company, its clients - global hotel operators, and hotel guests. While all this gets sorted out, are there things consumers can do to mitigate risks that come from booking or ordering online? Here are some tips:
Utilize a secondary email address for websites that send you emails about future events or deals; this way, if a breach occurs, your main email address won’t be compromised.
Don’t keep your personal or credit information stored for later use; when executing a payment, do not choose the option: “save your information for later.”
If available, consult with the hotel or entity you are using and find out if they keep your information after your leave – it’s a good idea to ask if they can wipe your payment and contact information from the system.