If you’re a TripAdvisor member, now is a good time to check your in-box, block any spam and check your member password, just in case.
The popular travel review site warned users on Thursday that a portion of its member e-mail list had been stolen, but member passwords were not compromised.
The alert was delivered to TripAdvisor members in an early morning email from the site’s CEO and co-founder, Steve Kaufer, although the breach was discovered internally last weekend.
“We’ve confirmed the source of the vulnerability and shut it down,” Kaufer wrote. “We’re taking this incident very seriously and are actively pursuing the matter with law enforcement.”
Kaufer reassured members that most of them would not be affected because only a “portion” of the site’s e-mail addresses were taken, but was still reaching out to all users because “we think it’s the right thing to do.”
He also said that TripAdvisor is putting in place additional security precautions to prevent another incident.
Since the site does not collect credit card or financial information, or sell or rent its member list, the damage was expected to be minimal, but annoying.
“You may receive some unsolicited emails (spam) as a result of this incident,” Kaufer wrote.
Despite the response from Kaufer, TripAdvisor has not yet released details on how many members TripAdvisor has in all, how many members are affected by the breach and what personal data could possibly have been obtained, beyond confirming that no passwords were taken.
The privacy breach was certainly not what Kaufer wanted his company in the headlines for today, the same day that website Gogobot announced plans to integrate with Expedia, Kayak, Hotels.com, Orbitz, and Priceline, making it a potential rival of TripAdvisor.
TripAdvisor is a part of the TripAdvisor Media Group of 18 travel websites that, together, have 20 million members and operate in 27 countries, according to information posted on TripAdvisor’s website.
Here is Kaufer’s email in its entirety: