Expedia Security Breach Email, Anyone Else Affected?

pformag on 21/11/2018 - 11:43
Last edited 21/11/2018 - 11:43

Hi All,

Got this email from Expedia last night. It looks like a legit Expedia email address, and the hotel mentioned is one I recently stayed at that I booked through Expedia. Just seeing if anyone else has gotten one recently, as I assume this would be bigger news, but can't see anything on any websites. It may be a scam, but there is no links list to click on.

Dear Valued Customer,

We are aware of an incident involving potential unauthorized access to your booking information on Expedia .Our investigation shows that an unauthorized party may >have gained access to personal information, including payment details for this booking, through an incident targeting our systems.

You may have received messages or emails claiming to be from the hotel you booked, however, these messages may not have been authorized by the hotel Duxton Hotel >Perth. Whether or not you responded, we strongly recommend that you:

• Contact your debit or credit card company immediately to discuss whether you should cancel your card.

• Review your recent billing statements carefully, and alert your card company of any unusual activity.

Remember, we will never ask for sensitive or financial information in an email, nor will we request a money transfer to any account. If you received any >suspicious messages or emails, we encourage you to do the following:

• DO NOT share your personal data or credit card information.

• DO NOT transfer money to any suggested bank accounts listed in the message or email.

• DO contact your hotel at a published number to confirm any message’s legitimacy.

We apologize for this incident and any inconvenience it may cause. We assure you that protecting the information of our customers, and ensuring the integrity of all transactions, are things we take very seriously and are working to resolve this issue.

Should you have any questions please reach out to our Customer Service team.

Yours Sincerely,

The Expedia Team

Travel

Related Stores

Expedia Australia
Expedia Australia

Comments

  • pantsparty on 21/11/2018 - 11:59

    No

  • ATangk on 21/11/2018 - 13:15

    Never gotten one.

    But getting this email is better than them not telling you about it. It’s possible the leak came from the hotel side itself.

  • Xiaomi on 21/11/2018 - 16:16

    I use Expedia frequently, I did not receive this e-mail.

    Perhaps the data breach was on the hotel itself, rather than Expedia?

    EDIT: Great minds think alike

  • Gaz1 on 22/11/2018 - 14:39

    It is very strange how a google search of some of the content of the email comes up with not a single other match.
    If this was a widespread issue you would think that many people would be posting the contents of the message & it would show up in Google.
    This makes it more likely it was that particular hotel.

    Interesting that they suggest "• DO contact your hotel at a published number to confirm any message’s legitimacy."
    Have you contacted the Duxton to see if this email is legitimate & see if you can get an insight into the issue?

    • pformag on 22/11/2018 - 15:01

      I contacted Expedia, and this was their response.

      We've completed our investigation and confirmed someone unauthorized accessed your account. However, we've determined that the unauthorized activity doesn't pose a threat to secure information, like your bank account or full debit or credit card number.

      Keeping your personal information safe is our highest priority. To help secure your account, we've already reset your password. When you try to log in, you'll be asked to change the password again. This will let you gain access to your account and reduce the risk of further unauthorized access.

      To reset your password
      Log in to your account and follow the instructions to reset your password. Please do not use passwords relating to basic personal information, such as name of children or pets. We recommend not using the same password for other accounts.

      Password Requirements
      1. 8 characters
      2. 1 upper case, lower case, number and symbol
      3. Can not follow patterns (i.e.: 12345678)

      Verify Account information:
      While your payment information is safe, whoever accessed your account may have attempted to make changes to your account settings.

      Still need help?
      Please visit our customer service website.

      Best,
      Your Expedia Customer Service Team

      • Gaz1 on 22/11/2018 - 15:10

        Interesting.
        I guess it doesn't show how they accessed your account (i.e. doesn't disprove it was someone at the Duxton).
        It would be interesting to hear what the Duxton have to say on the matter if you were bothered.

        • pformag on 22/11/2018 - 15:14

          Yeah, very strange. All the credit card details only show my last 4 digits. But I still deleted them and changed my passwords.

  • Xiaomi on 01/12/2018 - 21:23

    Unsure if this is related but it's a huge hotel data breach

Login or Join to leave a comment
Login Join