Security News > 2011 > March > Expedia's TripAdvisor Member Data Stolen in Possible SQL Injection Attack

Expedia's TripAdvisor Member Data Stolen in Possible SQL Injection Attack
2011-03-25 06:22

http://www.eweek.com/c/a/Security/Expedias-TripAdvisor-Member-Data-Stolen-in-Possible-SQL-Injection-Attack-522785/ By Fahmida Y. Rashid eWEEK.com 2011-03-24 TripAdvisor discovered a data breach in its systems that allowed attackers to grab a portion of the Web site’s membership list from its database. The data breach was discovered over the weekend of March 19, and an “unauthorized third party” had stolen the e-mail list, Steve Kaufer, co-founder and CEO of TripAdvisor, wrote in an e-mail to members on March 24. The vulnerability has been shut down and the company is working with law enforcement as well as conducting its own investigation, he said. TripAdvisor does not collect or store members’ credit card or financial information, and member passwords were not stolen, Kaufer said. He said most members won’t notice anything as the result of the breach, although some users may receive some spam as a result of the theft. The company notified the customers because “it's the right thing to do,” he said. “As a TripAdvisor member, I would want to know,” Kaufer said. [...]


News URL

http://www.eweek.com/c/a/Security/Expedias-TripAdvisor-Member-Data-Stolen-in-Possible-SQL-Injection-Attack-522785/