Two Australian Tourism Board Websites Hacked And Defaced From Iraq

If you’re planning a trip to Australia and were recently on either the Tourism Industry Council of New South Wales website or the New South Wales Tourism Awards website you may have been a bit confused, and even somewhat disturbed, at what you saw.

Earlier this week, the two NSW websites were hacked and defaced with unsettling photographs. For example, instead of pictures of Sydney Harbour and the Outback, visitors were greeted by a young woman with a gag over her face. Other images included Batman’s archenemy, the Joker, and the “V For Vendetta” Guy Fawkes mask, an iconic symbol of the Occupy Movement.

Andrew Jefferies, Tourism Industry Council NSW’s general manager, has stated the hackers have been traced to Iraq.

“I still don’t know why someone would want to hack into our two sites,” he told news.com.au. “It’s forced us to increase our security and change our passwords and back up processes to ensure that we don’t have any of these problems again.”

After being hacked on Monday and again Tuesday, the sites are now back up and running. Unfortunately, since it was traced overseas, the company doesn’t believe there is much they can do aside from keeping their guard up and working to ensure it doesn’t happen again.

TripAdvisor database hacked – email addresses compromised

If you have ever rated something on TripAdvisor, you may be in for a nasty surprise in your inbox in the coming weeks. Last weekend, hackers penetrated the TripAdvisor member database and stole up to 20 million records.

In a statement issued by TripAdvisor on their site, the only information they say was impacted involved email addresses. TripAdvisor does not store credit card information or other financial data, and passwords are said to be secure. As a precaution, it may still be wise to change your TripAdvisor password, both there and anywhere else you used that same password.

The impact from this should be relatively minimal – most people could end up with a bit more spam than usual, but in today’s spam overload world, a couple more V1ag7A! emails won’t really be noticeable.

TripAdvisor claims they identified the vulnerability and shut it down immediately. The full email sent to customers can be found after the jump.


To our travel community:

This past weekend we discovered that an unauthorized third party had stolen part of TripAdvisor’s member email list.

We’ve confirmed the source of the vulnerability and shut it down. We’re taking this incident very seriously and are actively pursuing the matter with law enforcement.

How will this affect you? In many cases, it won’t. Only a portion of all member email addresses were taken, and all member passwords remain secure.

You may receive some unsolicited emails (spam) as a result of this incident. The reason we are going directly to you with this news is that we think it’s the right thing to do. As a TripAdvisor member, I would want to know.

Unfortunately, this sort of data theft is becoming more common across many industries, and we take it extremely seriously.

I’d also like to reassure you that TripAdvisor does not collect members’ credit card or financial information, and we never sell or rent our member list. We will continue to take all appropriate measures to keep your personal information secure at TripAdvisor. I sincerely apologize for this incident and appreciate your membership in our travel community.

Steve Kaufer
Co-founder and CEO

Hotels top target for hackers

According to online security trade publication DarkReading.com, hackers went after the hotel sector more than any other in 2009. And, they didn’t get caught: it took hotels an average of 156 days to discover a security breach. A study by Trustwave’s SpiderLabs of 218 security breach investigations in 24 countries found that 38 percent hit the hospitality industry, 19 percent financial services, 14 percent retailers and 13 percent food and beverage.

So, why are hackers poking around in hotel systems? Credit cards!

Hackers are looking for payment information that they can steal and use elsewhere. This information can be converted to cash quickly, says Trustwave SpiderLabs executive Nicholas Percoco. Other sensitive information wasn’t nearly as popular, with the likes of financial, authentication and healthcare information good for only 1 percent of what was stolen.

Best Western (Europe) becomes the victim of the largest data theft in the world (UPDATED)

The European operation of the Best Western hotel chain has become the victim of a massive cyber-theft attack. By placing a “keylogger” on a corporate computer connected to their reservations system, a whopping 8 million customer records were stolen. Included in the records are names, addresses, phone numbers, credit card numbers and employment information.

The records were stored for every single customer who stayed at one of 1300 European Best Western hotels since 2007. The Sunday Herald reports that the theft was carried out by an Indian hacker, who then put the information up for sale on an underground web site, operated by the Russian Mafia. The entire story sounds like it was copied right out of a spy novel.

The whole thing is extremely embarrassing for Best Western, who have handed control of their European computer operations over to their American colleagues. According to a UK based Best Western spokesperson, the company is “taking appropriate action”. Of course, none of this will be of any use to people who have lost their information, and credit card companies might have no other option than to issue millions of new cards to victims of this theft.

If you stayed at a Best Western hotel in Europe in the past year, you may want to contact your credit card provider, and keep a close eye out for transactions you did not approve.

Source: Sunday Herald (via Slashdot), Image from Flickr.

UPDATE: Best Western have conducted an internal investigation and “found no evidence of 8 million stolen records” (PDF file). I’m sure time will tell whether this was all an elaborate hoax by an amateur hacker.