back to article Tripadvisor site coughs to card data breach for a potential 800k users

TripAdvisor has suffered a data breach at its Viator tour-booking and review website. An estimated 1.4 million Viator customers are potentially affected by the compromise, which the firm admits may have exposed payment card data. The compromise also potentially aired the email address, password and Viator "nickname" …

  1. Chizo Ejindu
    FAIL

    Sigh...

    Another day, another security clusterfuck. Do these companies actually believe "it won't happen to us"???

    1. frank ly

      Re: Sigh...

      There's a paticular management technique that involves sticking you fingers in your ears and singing. It makes all problems go away until you find another job.

      1. Anonymous Coward
        Anonymous Coward

        Re: Sigh...

        My manager doesn't know how to sing. He just goes "La... La... La...". Or ignores my emails.

    2. Roo
      Windows

      Re: Sigh...

      I think it's more of a case that companies figure the cost of doing it properly outweighs the cost of mitigation. I would be surprised if many of them have even considered the customers losses in that equation.

      And what 'frank ly' said too.

      1. Anonymous Coward
        Anonymous Coward

        Re: Sigh...

        "I think it's more of a case that companies figure the cost of doing it properly outweighs the cost of mitigation. "

        Which it does in a penalty free world. Lawmakers and regulators likewise stick their fingers in their ears or find excuses as to why they can't act, and so it continues.

        In the UK the data protection arrangements aren't too bad, but the ICO is limited to penalties of £0.5m. That's enough to spoil an SME's day, but for the big retailers, on-lines, and data processors that's chicken feed that they don't give a stuff about. If the ICO were allowed to levy fines up to 1% of turnover, that would concentrate minds, but there's no chance that the likes of Google would allow Jellyfish Dave to implement that sort of regime.

        1. Yet Another Anonymous coward Silver badge

          Re: Sigh...

          They choose to process the credit cards themselves rather than send you to paypal or a card processor - to keep more of the commission. So long as the fines are less than the extra 0.5% they will keep doing it themselves and keep losing your data.

  2. Valeyard

    aw man

    i dunno how. I specifically changed the code to append these details away from our usual /carddeets.txt to /images/cleaningschedule.xls

    you just can't fight people who have the time to look in a file like that. apologies everyone, new filename ideas welcome :)

    1. Anonymous Coward
      Coat

      Re: aw man

      We've used notourcreditcardinfohonest.rtf

      We think no one has looked at them as the last modified date is the same.

      1. VinceH

        Re: aw man

        Try naming the file 'pictureofanakedlady.jpeg' - that way you'll thwart a lot of potential breaches simply because some people will be using systems behind filters to block out naughty things. Top tip.

  3. Anonymous Coward
    Black Helicopters

    I know who the hackers are!

    It's Experian

    Face the facts folks, since all these hacks they must be rolling in it. All these "free" credit card checks being put into place must be music to their ears.

  4. Blitheringeejit
    Holmes

    Some mistake surely...

    >a possible flaw in its mobile application

    Really? A mobile card payment app with possible security flaws? Blimey guv, whodathortit?

  5. I ain't Spartacus Gold badge
    Unhappy

    I've decided to have my email address, passwords and credit card number printed on my t-shirt. It means I never forget them, and it cuts out the middle-man, and saves the companies I used valuable time and trouble, passing on my details to hackers...

    Everyone wins.

  6. The_Idiot

    Could we...

    ... maybe, instead of announcing that companies A-ZZZ have had major data breaches this week/ today/ in the past three minutes, just publish lists of those that _haven't_? It would probably save on electrons and screen space.

    Sigh. Yes, I'm joking. Sort of. Probably...

    1. Anonymous Coward
      Anonymous Coward

      Re: Could we...

      That wouldn't work because you'd have to remove a company name from the list every day.

  7. John Tserkezis

    I've been hitting TripAdvisor (and others) heavily in last few days for some up coming trips, and noticed two things: The two major popups that kept fucking popping up are booking.com and tripadvisor.com, so I'll be doing business with neither.

    Not only that, I'm starting to suspect of the 1.4million customers, half of them were aliases of companies trying to talk themselves up, and the other 50% were the competition trying to talk the first half down.

    So I make my bookings by that thing they call a telephone. It's a novel idea, and it gives the NSA something to listen to inbetween the drug dealers and terrorists they keep telling us they're protecting us from.

    1. Danny 14 Silver badge

      I use tripadvisor to find a hotel/venue then quidco to find a site to book through (usually end up being expedia). Saves a bit of money in the long run - neither store my credit card details.

      Quidco does have my bank account details for BACS payments but my bank also has securecall so I need to supply a pin number for any account transfers out - so no problem there.

      Using the phone is worse in some respects as there in NOTHING stopping someone overhearing and writing down the details you say into the phone. Phone calls are always treat as HTTP traffic in my mind.

  8. Anonymous Coward
    Anonymous Coward

    Not just a data breach but a tripadvisor data breach.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022