"This past weekend we discovered that an unauthorized third party had stolen part of TripAdvisor's member email list," Kaufer said in an email to TripAdvisor members. "We've confirmed the source of the vulnerability and shut it down. We're taking this incident very seriously and are actively pursuing the matter with law enforcement."Kaufer's email said only "a portion" of all member email addresses were stolen, and no member passwords were compromised. His email also contained a link to an FAQ page for more information on the incident, but in response to a question about the actual number of hijacked emails, the answer said only, "It affected a portion of our membership."
When asked how many member emails were hacked, TripAdvisor spokesman Brooke Ferencsik told Consumer Ally that because the incident remains under investigation, "we have no additional information to share at this time."
TripAdvisor boasts 20 million members, and every one of them has been sent the Kaufer email. In it, he apologized to TripAdvisor members and assured those whose emails were compromised that the worst-case scenario only involved the possibility of them receiving spam email.
He also noted TripAdvisor doesn't collect members' credit card or financial information, and never sells or rents information about its members.
The FAQ page, however, did warn TripAdvisor members that while most spam is harmless, it can also be used to steal personal and financial information via phishing scams, and advised members to:
- Avoid opening suspicious or unsolicited emails.
- Never respond to spam or click any links.
- Avoid giving personal or financial information in an email, especially credit card information, bank account information, passwords and ID numbers. The site says it will never ask for your password or sensitive personal information over email.
Although data theft is becoming increasingly common, Kaufer said, TripAdvisor takes it seriously, and the FAQ page promised the company would take additional steps to prevent the repeat of any further security breaches.
"We are also are implementing additional security precautions to help prevent another incident in the future."