Security News > 2011 > March > Expedia's TripAdvisor Member Data Stolen in Possible SQL Injection Attack
http://www.eweek.com/c/a/Security/Expedias-TripAdvisor-Member-Data-Stolen-in-Possible-SQL-Injection-Attack-522785/ By Fahmida Y. Rashid eWEEK.com 2011-03-24 TripAdvisor discovered a data breach in its systems that allowed attackers to grab a portion of the Web siteâs membership list from its database. The data breach was discovered over the weekend of March 19, and an âunauthorized third partyâ had stolen the e-mail list, Steve Kaufer, co-founder and CEO of TripAdvisor, wrote in an e-mail to members on March 24. The vulnerability has been shut down and the company is working with law enforcement as well as conducting its own investigation, he said. TripAdvisor does not collect or store membersâ credit card or financial information, and member passwords were not stolen, Kaufer said. He said most members wonât notice anything as the result of the breach, although some users may receive some spam as a result of the theft. The company notified the customers because âit's the right thing to do,â he said. âAs a TripAdvisor member, I would want to know,â Kaufer said. [...]