DTX Manchester DTX Manchester
  • About Us
Friday, 22 January, 2021
IT Security Guru
CTX Manchester 2020 banner ad
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Hotel Hippo closed by parent after vulnerability disclosure

by The Gurus
July 8, 2014
in Editor's News
Share on FacebookShare on Twitter

Accommodation booking service Hotel Hippo was closed by its parent and “it will not reopen” according to its founder.
 
In a statement posted on pastebin by founder and managing director Chris Orrell, he said that the site was “little used” but security, safety and privacy was “of the utmost importance to us”. Following the revelations of security failings by Scott Helme, Orrell said he was “very alarmed to hear that our valued customers should have to face this worry” and it was “taking urgent steps to find out exactly what information might have been vulnerable”.
 
He admitted that its initial investigations show that just 24 customers might be affected, “but for even one customer, it is obviously completely unacceptable and we are very sorry”. He said that this was not something it has ever had to deal with before, and it was “doing everything we can to deal with the situation and ensure that lessons are learned, both by Hotel Hippo and others in the industry.
 
However the website is now displaying a message that says that the website is “permanently closed”, and a statement issued by its parent company HotelStayUK confirmed the number of affected user.
 
It said: “Despite there being no issues with our other sites, as the login process is quite different, as a precaution, we advised affected customers and took down all sites in the group one by one to put them through rigorous testing by independent experts to ensure their safety and security. These independent experts will be employed on an on-going basis to regularly test our sites.”
 
In an email to IT Security Guru, Helme said that the statement does mention that only 24 people were affected, but he was not sure how this could be the case.
 
“No matter how little the site was used, I can’t believe they only had 24 customers. The vouchers you can purchase to book a hotel (hotelvouchershop.com) are available from many retailers and it seems all of the order went through hotelhippo.com which is also where you receive your booking confirmation links,” he said.
 
“This leads me to believe that they think they have somehow identified only those customers who have had their details accessed without authorisation. Given that there is no login required to view the data, I’m not sure how they would determine who has accessed specific data and whether or not they should be accessing it. This leaves me wondering where the number ’24’ came from.”
 
Asked if the issues he found could have been resolved, and the site could have remained live, he said that was more than possible, and his personal view was that the closure was probably related to creating some distance from the brand that has now featured so prevalently in news articles. “I’d guess that they will kill off the brand to prevent any association with other sites and revive it under a new name.”

0 0 vote
Article Rating
FacebookTweetLinkedIn
Tags: HTTPSPCI DSSSSLVulnerability
ShareTweetShare
Previous Post

SNMP amplification could allow major DDoS attack sizes

Next Post

SIFMA and US Government partners to protect Wall Street

Subscribe
Notify of
guest
guest
0 Comments
Inline Feedbacks
View all comments

Recent News

Instagram notification symbol in neon lights, with a white heart and a white 0 next to it

Social Media Fails to Monitor Extremist Content

January 21, 2021
The purpose of this image is to portray security through a key attached to what looks like a memory card.

Biden Administration to put Stronger Emphasis on Cyber Security

January 21, 2021
scrabble letters spelling out "Scam Alert"

Phishing Scam Exposes Stolen Passwords

January 21, 2021
Close up image of the sun/a star.

How did SolarWind Hackers evade Detection?

January 21, 2021

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

More information
wpDiscuz
0
0
Would love your thoughts, please comment.x
()
x
| Reply
Privacy Settings / PENDINGGDPR Compliance

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Accept