Booking site in ‘appalling’ data leak

Dave Lee reports that a simple url manipulation exposed customers’ information:

A hotel booking website that was leaking large amounts of customer information is being investigated by the UK data privacy watchdog., owned by HotelStayUK, had revealed booking information that had been a “gift for burglars”, a security expert said.

The exposed data could allow the matching of hotel bookings with home addresses.


The leaked data included the date, location and length of a hotel stay. On a separate page, the home address of the person who made the booking could also be found.

Mr Helme said a simple programme could be written to pull the data from the site – essentially creating a database of addresses where the residents were staying at hotels, and for how long.

Read more on BBC.

About the author: Dissent

Comments are closed.