back to article Travelodge still doesn't know who hacked it

Travelodge is still trying to find out who got into their customer database and snaffled names and email addresses. The budget chain told the Reg it has asked outside contractors to go through its systems to try and find the culprits. A spokeswoman said: In the last 24 hours, we have been conducting a comprehensive …

COMMENTS

This topic is closed for new posts.
  1. Ralph B
    Black Helicopters

    Suspicious

    Anyone else here reckon they might have sold (part of) their customer database to the spammers, and now that they've been found out, are trying to blame a break in?

    1. DrXym

      It doesn't have to be that

      Travelodge sends out frequent targetted (junk) mail to people who've stayed in their hotels. Presumably these are based on particular demographics of customer, run through a database query, turned into a list and then fed into some automated mailshot program. The marketing people handling these lists probably aren't clued in about security so there is a lot of potential here for a list to leak out given the frequency of emails and the people doing it.

      Maybe they did get hacked, but as likely someone left a list on a memory stick, or emailed it out to some external email address, or they gave it to a 3rd party who goofed in a similar way. etc.

  2. a53

    No....

    We weren't..... Honest......

  3. John Burton

    Hmm

    So they have no idea what happened but "We can further confirm no financial data has been stolen, accessed or compromised. Really? If they have no idea where the email addresses came from can they really say this and be certain of it?

  4. Anonymous Coward
    Anonymous Coward

    Well I'm very concerned......

    Very concerned indeed.

    What if someone leaks that I've stayed in a Travellodge?

    The shame.

  5. jubtastic1
    Happy

    OMG we've been haxxord!!1!

    Funny how after years of denials, all of a sudden it's ok to admit you've been hacked, it's the new dog ate my homework excuse for corporate incompetence.

  6. Tom 38

    I wonder if they use SilverPop

    They've been hacked before:

    http://www.theregister.co.uk/2010/12/15/silverpop_breach_probe/

  7. Anonymous Coward
    Facepalm

    source of emails

    I recall a tourist hostel that employed casual night staff who were given access to the reservations system through a restricted access account. Unfortunately you could have unrestricted access to the database through a mapped drive where full customer details, Credit Card details etc., were stored entirely in the clear. The usernames and passwords for access to the reservations system were also stored unencrypted in a table. The manager used the same password on the electronic door system - so you could create your own master key ..

  8. Mike Bell
    Windows

    e-mails are like postcards

    Something to bear in mind is that when Travelodge or anyone else sends out a batch of e-mails, they are probably reliant on a whole bunch of intermediate servers that sit between them and the end user. The internet being what it is.

    This being the case, any compromised server along the route could potentially have access to any of those e-mail addresses and the names of recipients.

    1. cowbutt
      FAIL

      bulk email resenders have been targeted before

      In October of last year I received spam to a number of semi-private mail aliases each used in connection with only a single web site. Eventually, I determined that each of these sites had used ThinkSend (aka createsend.com aka thinksend.com) so send their legitimate opt-in marketing emails at various times during 2009. One of the organisations followed up on this and confirmed that ThinkSend had been compromised during that timeframe: http://www.campaignmonitor.com/blog/post/2852/

      More recently, I have received spam targeted at an address only known by me and laterooms.com, but their investigations drew a blank on that one. Thinking about it, I wonder if any data sharing goes on between laterooms and Travelodge?!?

  9. Matt Bradley
    Joke

    Not Mr and Mrs Smith

    They should have got suspicious when one of Little Bobby Tables' relatives booked in under his full name.

  10. Fuh Quit
    WTF?

    I only got the "if you got spam" message from them

    which frankly, in the absence of any spam which I could detect claiming to be Travelodge, was spam.

    Oh, irony.......

  11. Hardcastle the ancient
    FAIL

    "Travelodge still doesn't know who hacked it"

    But they do know no credit card records were taken?

    Hmm...

    1. Jeff 11
      Facepalm

      @Hardcastle the ancient

      Yes they quite possibly do, because companies regularly offload credit card details to a more secure PSP and instead use a one-way hash to process transactions. They don't have to retain the original details to use them.

  12. Mips
    Childcatcher

    That will be ...

    ...Traveldodge then.

  13. Anonymous Coward
    WTF?

    Dear Customer

    "Our main priority is to ensure the security of our customers' data"

    Hmm, clearly their main priority isn't about providing hotel rooms - then again, having stayed at some travelodges...

  14. Anonymous Coward
    Anonymous Coward

    Maybe it was that Peggy character from the credit card company.

    I understand they've been losing lots of customers to the barbarians.

This topic is closed for new posts.

Other stories you might like