Travelodge hacked, investigating
Hotel chain's customers aggrieved
Travelodge is investigating its IT systems to discover how customer email addresses have gone astray.
The Reg was contacted this morning by a reader who was receiving spam emails to a unique email address he had only given to Travelodge.
Several other customers have blogged of similar experiences, here's Shepy's post on the apparent hack.
Either LulzSec has taken a step down from hacking the US Senate and the CIA to target the motel chain, or Travelodge has been hit by more commercially minded hackers.
Travelodge told us: "We are aware that some customers have received a spam email. We have not sold any data and we are currently investigating this issue."
Reg reader Richard emailed the company to complain and is still awaiting a response.
There's more on Twitter here. ®
Bootnote: This story briefly made mention of Lenny Henry. As several readers pointed out he advertises a rival low-rent motel for road warriors. Apologies all round...
"Hotel chain's customers aggrieved"
...yeah, but to be fair they mainly were before the hack.
After a series of incredibly bad experiences with them I avoid them wherever I can. Lenny Henry's favourite lot are much better, and often not much more expensive.
It must be the 'hackers'
I've said it before and I'll say it again. The sheer number of corporations hit by 'hacker' attacks in the last six or seven months, compared with previous years, just seems improbably large. And while some are no doubt genuine external penetrations, I still have this nagging feeling that some individuals in some companies, with or without the backing of their superiors, may be using 'hackers' as an excuse to sell customer data for profit. I have no evidence of course, and I wouldn't even dare suggest which ones are probably genuine and which might be deliberate. I just have a very strong gut feeling that there are shady dealings afoot. The numbers simply don't feel right.
And remember, those of us who use unique e-mail addresses for each recipient are a tiny, tiny minority of the customer base, even for technology companies and gaming websites. For someone like Travelodge the percentage will be even smaller. The vast majority of people who end up getting spammed as a result of this situation, be it penetration or otherwise, will be none the wiser as to why. So for any company or individual who WAS selling the customer database, the rewards would be great and the risk of detection relatively small.
Not too surprised considering their IT dept recent form
Considering all the problems Travelodge have been having recently with their brand new site that lasted a week back in February before being pulled due to half of it not working properly (really well tested)!
Then they had their £10 sale which took their web site offline all day due to not figuring out that maybe, just maybe it might generate a little more traffic than normal, giving those tech heads who saw it a bit more concern over their IT dept skills or budget.
Would be interesting to know if the people who got this spam last booked via the old or new web site as that might give a clue as to exactly what got hacked (if anything) and who is to blame.
AC due to some connections to Travelodge.