Travelodge still doesn't know who hacked it

Travelodge is still trying to find out who got into their customer database and snaffled names and email addresses. The budget chain told the Reg it has asked outside contractors to go through its systems to try and find the culprits. A spokeswoman said: In the last 24 hours, we have been conducting a comprehensive …

COMMENTS

This topic is closed for new posts.
Silver badge
Black Helicopters

Suspicious

Anyone else here reckon they might have sold (part of) their customer database to the spammers, and now that they've been found out, are trying to blame a break-in?

4
1
Silver badge

It doesn't have to be that

Travelodge sends out frequent targeted (junk) mail to people who've stayed in their hotels. Presumably these are based on particular demographics of customer, run through a database query, turned into a list and then fed into some automated mailshot program. The marketing people handling these lists probably aren't clued in about security so there is a lot of potential here for a list to leak out given the frequency of emails and the people doing it.

Maybe they did get hacked, but as likely someone left a list on a memory stick, or emailed it out to some external email address, or they gave it to a 3rd party who goofed in a similar way, etc.

3
0
a53

No....

We weren't..... Honest......

1
0

Hmm

So they have no idea what happened but "We can further confirm no financial data has been stolen, accessed or compromised." Really? If they have no idea where the email addresses came from can they really say this and be certain of it?

4
2
Anonymous Coward

Well I'm very concerned......

Very concerned indeed.

What if someone leaks that I've stayed in a Travelodge?

The shame.

11
0
Happy

OMG we've been haxxord!!1!

Funny how after years of denials, all of a sudden it's OK to admit you've been hacked. It's the new "dog ate my homework" excuse for corporate incompetence.

4
0
Silver badge

I wonder if they use SilverPop

They've been hacked before:

http://www.theregister.co.uk/2010/12/15/silverpop_breach_probe/

0
0
Bronze badge
Windows

e-mails are like postcards

Something to bear in mind is that when Travelodge or anyone else sends out a batch of e-mails, they are probably reliant on a whole bunch of intermediate servers that sit between them and the end user. The internet being what it is.

This being the case, any compromised server along the route could potentially have access to any of those e-mail addresses and the names of recipients.

0
0
FAIL

bulk email resenders have been targeted before

In October of last year I received spam to a number of semi-private mail aliases each used in connection with only a single web site. Eventually, I determined that each of these sites had used ThinkSend (aka createsend.com aka thinksend.com) to send their legitimate opt-in marketing emails at various times during 2009. One of the organisations followed up on this and confirmed that ThinkSend had been compromised during that timeframe: http://www.campaignmonitor.com/blog/post/2852/

More recently, I have received spam targeted at an address only known by me and laterooms.com, but their investigations drew a blank on that one. Thinking about it, I wonder if any data sharing goes on between laterooms and Travelodge?!?

0
0
Facepalm

source of emails

I recall a tourist hostel that employed casual night staff who were given access to the reservations system through a restricted access account. Unfortunately you could have unrestricted access to the database through a mapped drive where full customer details, Credit Card details etc., were stored entirely in the clear. The usernames and passwords for access to the reservations system were also stored unencrypted in a table. The manager used the same password on the electronic door system - so you could create your own master key ..

1
1
Joke

Not Mr and Mrs Smith

They should have got suspicious when one of Little Bobby Tables' relatives booked in under his full name.

2
0
WTF?

I only got the "if you got spam" message from them

which frankly, in the absence of any spam which I could detect claiming to be Travelodge, was spam.

Oh, irony.......

0
0
FAIL

"Travelodge still doesn't know who hacked it"

But they do know no credit card records were taken?

Hmm...

0
1
Facepalm

@Hardcastle the ancient

Yes they quite possibly do, because companies regularly offload credit card details to a more secure PSP and instead use a one-way hash to process transactions. They don't have to retain the original details to use them.

0
0
Childcatcher

That will be ...

...Traveldodge then.

0
0
WTF?

Dear Customer

"Our main priority is to ensure the security of our customers' data"

Hmm, clearly their main priority isn't about providing hotel rooms - then again, having stayed at some travelodges...

2
0
Anonymous Coward

Maybe it was that Peggy character from the credit card company.

I understand they've been losing lots of customers to the barbarians.

0
0