Bob Sullivan reports:
Some Expedia.com customers are getting emails from the firm warning that a would-be criminal has obtained “unauthorized access … (to) your name, phone number, email address and travel booking.”
The details are being used in an attempt to trick customers into sharing even more personal information, the firm says.
[…]
Sarah Gavin, head of communications at Expedia, says the data was not stolen from Expedia, but rather a third party. The data was stolen by a criminal who successfully phished a partner hotel and obtained that hotel’s login credentials, and subsequently stole names and other information about consumers who had used the Expedia system recently to book a stay at that hotel.
Read more on BobSullivan.net.