Dave Lee reports that a simple url manipulation exposed customers’ information:
A hotel booking website that was leaking large amounts of customer information is being investigated by the UK data privacy watchdog.
HotelHippo.com, owned by HotelStayUK, had revealed booking information that had been a “gift for burglars”, a security expert said.
The exposed data could allow the matching of hotel bookings with home addresses.
[…]
The leaked data included the date, location and length of a hotel stay. On a separate page, the home address of the person who made the booking could also be found.
Mr Helme said a simple programme could be written to pull the data from the site – essentially creating a database of addresses where the residents were staying at hotels, and for how long.
Read more on BBC.