Breach that affects travelers.

Discussion created by californian on Sep 24, 2014

World's largest travel site hacked, a million cards at risk


Another day, another hack? But this one is different. A huge data breach of the world’s largest travel site has exposed over a million credit cards. But would you want credit card thieves to also know your travel plans and when you’ll be away from home?


If you've ever planned a trip online, then you've probably made at least one stop at TripAdvisor. It's the biggest online travel hub, and a breach at its sightseeing subsidiary, Viator, just exposed 1.4 million credit cards belonging to 800,000 customers.


Think you may be affected? Click here to find out what to do when you suspect that your credit card is compromised.

Viator is a worldwide marketplace for tours and sightseeing excursions. According to a press release on Viator's website:

“On September 2, we were informed by our payment card service provider that unauthorized charges occurred on a number of our customers' credit cards. We have hired forensic experts, notified law enforcement and we have been working diligently and comprehensively to investigate the incident, identify how our systems may have been impacted, and secure our systems.”

TripAdvisor isn't mentioned in Viator's press release. I can definitely understand why, I mean name one online marketplace that wants to be associated with a security breach. What only TripAdvisor and Viator know, however, is whether or not TripAdvisor would be vulnerable to the same exploit that cracked Viator.


While the Home Depot, Target and many other data breaches have been caused by malware that targets point-of-sale systems, this one is different. POS malware will lift a victim's name, card number and other applicable information.

Breaching a site like Viator means that criminals could have access to more information than any POS malware can provide. Even worse is that if the exploit worked on Viator, who's to say that the hackers haven't already hacked TripAdvisor?

Millions of people use TripAdvisor to plan out every step of a trip. If a criminal were to gain access to that database, they could sell a geographically mapped list of when home owners would be out of town.

Viator (again, a company owned by TripAdvisor) only learned of the breach on the 2nd of September, and finally announced news of the breach 17 days later. If TripAdvisor's response takes the same amount of time, that's 17 days of all-you-can-rob.that affects