Unhappy saga of Hotel Hippo draws to a close

Security

by Jimmy Nicholls| 03 July 2014

Travel website still faces investigation from the information commissioner.

Travel website Hotel Hippo has announced it will close down following news of a potential bug that may have allowed hackers to steal customer data by changing the site URL.

An initial investigation into the bug by the British company revealed 24 customers might have been affected, a finding the firm described as "completely unacceptable".

Chris Orrell, MD of Hotel Hippo, said: "This site was little used, but for each one of those affected customers their security, privacy and safety is of the utmost importance to us.

"This is not something we have ever had to deal with before and we are doing everything we can to deal with the situation and ensure that lessons are learned, both by us and others in the industry."

Site customers were given a five digit code that security consultant Scott Helme of Pentest said was included in the URL, potentially allowing a hacker to retrieve payment details and customer information through altering the address bar.

Helme previously said the site had only taken action once the BBC had got hold of the story, despite him notifying the company by email and telephone.

His report prompted an investigation by the information commissioner's office (ICO), which has confirmed it will continue to look into the alleged breach despite the website's closure, adding that it had nothing to report just yet.

Orrell said that his company would contact every customer who had booked a holiday through the site, offering them compensation for any inconvenience caused.

Comments
Post a comment

Comments may be moderated for spam, obscenities or defamation.

Join our network

733 people like this.
0 people follow this.

Security Intelligence

Privcy Policy

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.