Readers keep pointing out comparatively simple vulnerabilities that they encounter in everyday life. One example is this letter, which we are sharing with the reader's consent.
Hello dear Heise editors,
I am very disappointed and would like to share my experience with someone. Thanks for listening. 🙂
I am currently on holiday in Egypt and the hotel of course offers information and restaurant reservations online. However, because we could not successfully log in with room number and last name, I took a look at the Chrome DevTools. You can quickly see that the check happens in the client, which fetches the reservation details via web request. Completely without authentication.
And probably for all hotels in the group and all rooms. Information includes name, date of birth, email, phone number, country. The query part of the request contains our reservation with hotel=N and room=XXXX; you can try it out quickly and you will find lots of personal data – of course also from complete strangers.
That’s really disappointing. And I think that kind of thing is ubiquitous. If you want to avoid data leaks like this, you have to give up a lot of things, because fighting all such leaks is a fight against windmills. The question is no longer how to protect your data, but how you live with the fact that such things are public. When banks and health insurance companies verify callers by asking for their date of birth and address, that’s no longer enough.
Have you come across something like this too? Have you had similar experiences?
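The flaw the letter describes, shown next to a server-side fix, as an added example that is not the hotel's code or part of the original letter. All function names, field names and sample records are constructed assumptions; only the `hotel` and `room` parameters come from the letter.

```javascript
const crypto = require("crypto");

// Constructed sample records; field names and values are assumptions.
const RESERVATIONS = [
  { hotel: 1, room: "1204", lastName: "Example", dob: "1980-01-01",
    email: "alex@example.test", phone: "+00 0000 0001", country: "DE" },
  { hotel: 1, room: "1205", lastName: "Sample", dob: "1975-05-05",
    email: "sam@example.test", phone: "+00 0000 0002", country: "AT" },
];
const find = (hotel, room) =>
  RESERVATIONS.find((r) => r.hotel === Number(hotel) && r.room === String(room));

// Pattern from the letter: any hotel/room pair returns the full record and
// the last-name comparison is left to the browser.
function lookupInsecure(query) {
  const r = find(query.hotel, query.room);
  return r ? { status: 200, body: r } : { status: 404, body: null };
}

// Hardened: the comparison runs on the server, failures look identical, and
// a successful login yields an opaque session token instead of personal data.
const sessions = new Map(); // token -> { hotel, room }
const digest = (s) =>
  crypto.createHash("sha256").update(String(s ?? "").trim().toLowerCase()).digest();

function login(body) {
  const r = find(body.hotel, body.room);
  // Compare even when the room is unknown so both failure paths do the same work.
  const ok = crypto.timingSafeEqual(digest(body.lastName), digest(r ? r.lastName : "\u0000"));
  if (!r || !ok) return { status: 401, body: { error: "login failed" } };
  const token = crypto.randomBytes(32).toString("hex");
  sessions.set(token, { hotel: r.hotel, room: r.room });
  return { status: 200, body: { token } };
}

// The record is selected by the session, never by client-supplied hotel/room.
function getReservation(token) {
  const s = sessions.get(token);
  const r = s && find(s.hotel, s.room);
  if (!r) return { status: 401, body: { error: "not authenticated" } };
  // Return only what the portal needs: no date of birth, e-mail or phone.
  return { status: 200, body: { hotel: r.hotel, room: r.room, lastName: r.lastName } };
}
```

Room number plus last name is still a low-entropy credential, so a real deployment would also rate-limit login attempts per client and per room.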