13.12.2024 16:47:00
Дата публикации
Booking.com has faced criticism after discovering a bug that compromises user privacy. Its system automatically adds bookings to users’ accounts if their email address is entered at checkout, even if the email address is misspelled.
The quirk has already led to personal information being leaked to strangers.
The case of a user known as Alfie brought the issue to the media’s attention. Alfie noticed that a booking he didn’t make had been added to his account. When he contacted support, he learned that the error was due to another user entering an incorrect email address. The booking was eventually linked to his account.
Booking.com confirmed that it was not a glitch, but a system feature. When an email address associated with an existing account is entered, the system automatically attaches the booking. However, this automation does not provide a mechanism for correcting errors, even if they lead to a data leak.
The most worrying aspect was that Booking.com support staff revealed to Alfie the full details of another user, including his email address and country of residence. This raised questions about data protection and possible abuse if someone deliberately exploited such a vulnerability.
Experts emphasize that the situation could have been resolved by checking addresses before adding bookings to accounts. For example, requiring email confirmation could have prevented such errors and protected users’ personal information.
Jacob Hoffman-Andrews from the Electronic Frontier Foundation noted that the platform should provide an option to cancel such accidental bookings. This would minimize the risk of data disclosure and eliminate the consequences of human error.
Booking.com has no plans to change the functionality yet, stating that the issue is related to user input errors, and not a system vulnerability. However, this case demonstrates that current data protection measures are insufficient and need to be improved.
Users may face a situation where their information becomes available to third parties, which opens up new risks to privacy.
In the context of increasing digitalization, it is critical to review approaches to data protection. Booking.com must be aware of these risks and implement more effective controls to prevent similar situations in the future.
(text translation is done automatically)
The quirk has already led to personal information being leaked to strangers.
The case of a user known as Alfie brought the issue to the media’s attention. Alfie noticed that a booking he didn’t make had been added to his account. When he contacted support, he learned that the error was due to another user entering an incorrect email address. The booking was eventually linked to his account.
Booking.com confirmed that it was not a glitch, but a system feature. When an email address associated with an existing account is entered, the system automatically attaches the booking. However, this automation does not provide a mechanism for correcting errors, even if they lead to a data leak.
The most worrying aspect was that Booking.com support staff revealed to Alfie the full details of another user, including his email address and country of residence. This raised questions about data protection and possible abuse if someone deliberately exploited such a vulnerability.
Experts emphasize that the situation could have been resolved by checking addresses before adding bookings to accounts. For example, requiring email confirmation could have prevented such errors and protected users’ personal information.
Jacob Hoffman-Andrews from the Electronic Frontier Foundation noted that the platform should provide an option to cancel such accidental bookings. This would minimize the risk of data disclosure and eliminate the consequences of human error.
Booking.com has no plans to change the functionality yet, stating that the issue is related to user input errors, and not a system vulnerability. However, this case demonstrates that current data protection measures are insufficient and need to be improved.
Users may face a situation where their information becomes available to third parties, which opens up new risks to privacy.
In the context of increasing digitalization, it is critical to review approaches to data protection. Booking.com must be aware of these risks and implement more effective controls to prevent similar situations in the future.
(text translation is done automatically)
