TripAdvisor admits to database security breach

Popular travel website TripAdvisor is the latest well-known brand to ‘fess up to a security breach.

Earlier this week, online entertainment retailer lost a bunch of customer data to cybercrooks via an external marketing company. Late last week, no less a scalp than RSA – the security company’s security company! – admitted publicly that criminals had penetrated its servers and stolen possibly-significant trade secrets.

TripAdvisor alerted its users with an email describing what had happened. Fortunately, it looks as though the bad guys only managed to make off with email addresses.

This past weekend we discovered that an unauthorized third party had stolen part of TripAdvisor's member email list.

How will this affect you? In many cases, it won't. Only a portion of member email addresses were taken, and all member passwords remain secure.

The stolen email list will be pretty handy to spammers and scammers, and TripAdvisor shouldn’t have let the crooks get hold of it. But many people publish their email addresses openly anyway, or have addresses that are easy to guess. So your email address is probably the least worrying part of your online persona to lose.

That makes this an embarassing breach rather than a dangerous one. However, that’s cold comfort for TripAdvisor.

If you use email for direct marketing purposes, don’t let yourself get caught out like or TripAdvisor. Whether you lose email lists from your own servers or through a third-party marketing company is irrelevant – it’s your brand which suffers. Even if you only lose email addresses, it’s a poor advertisement for your business.