TripAdvisor.com is the latest organisation to fall prey to hackers, who made off with the popular travel site's member email list.
- SC Magazine recommends that TripAdvisor subscribers change their passwords as a precaution, but not click on any links in emails purporting to be from the travel community site. You may see an increase in spam in coming weeks that could contain malware or direct you to malicious sites, so be suspicious of emails in general and click with caution.
In an email purporting to be from its chief executive officer Steve Kaufer sent to customers today, the site that bills itself as "Most Trusted" said the list was stolen last weekend and that it has since closed the source of the vulnerability. But it did not say what the vulnerability was or what it had done to ensure it would not leak its customers' personal information again. Law enforcement agencies were alerted, TripAdvisor said.
TripAdvisor was asked to comment on how many members were affected and, of those, how many were in Australia, but a response was not available at time of publishing.
Kaufer said in his email "only a portion" of its member list was stolen but declined to say what percentage of users were compromised. TripAdvisor's website said it had 20 million members, received 40 million unique visitors a month and operated in 27 countries.
"The reason we are going directly to you with this news is that we think it's the right thing to do," Kaufer said.
"As a TripAdvisor member, I would want to know. Unfortunately, this sort of data theft is becoming more common across many industries, and we take it extremely seriously."
Kaufer assured members the travel website didn't collect credit card details.
But hackers could use the data to "wash" or increase the value of information they may have illicitly collected from other sites to effect a more serious breach or send spam in future.
Other high-profile organisations to fall victim to hacker breaches recently included HBGary, beauty product retailer Lush, Nasdaq OMX and blog publisher Gawker Media, whose breach triggered password resets at social media sites LinkedIn and Yahoo!.
Last month, two prominent Russian underground hacker communities, Maza.la and Direct Connection, were themselves breached and their member databases leaked to security firm RSA, which was hacked soon after and details of its SecurID token product stolen, prompting speculation that cybercrime gangs were waging a cold war for online dominance.