Kayak.com investigates search engine glitch that exposed users' personal data

Online travel website Kayak.com is investigating a security breach
Online travel website Kayak.com is investigating a security breach

Kayak.com customer Kevin Hunt reported to the company that when he searched for his reservation details by his last name and last four digits of his credit card, personal information of other users named Hunt came up. The personal information on the other Hunts included home addresses, phone numbers, emails, and credit card expiry dates, according to a report by the Toronto Star newspaper.

In response to Hunt’s email reporting the problem, Kayak.com officials sent the following reply: “While the presentation is odd/etc and clearly not what a consumer would expect of our site, no financial/authentication/etc information has been exposed.”

After Hunt posted the details of the problem on a travel chat forum, the company shut down the search engine.

The newspaper contacted Kayak.com cofounder Paul English, who said that the company was investigating how many people were affected by the problem. “No credit card or social security info was released. There was some limited exposure to contact info”, he said.

What’s Hot on Infosecurity Magazine?