Hotels are the most vulnerable to hack attacks as they have a trove of information through guest check-ins. The researchers found two-thirds of over 1,500 hotel websites in 54 countries with issues in their websites.
One of the issues stems from the URL, which is sent to the guests in emails. These URLs also contain the booking number.
The vulnerable websites have advertisers and third-party analytics tools embedded on the pages who also get the URL.
All that a potential attacker needs to do is enter the reservation number and gather all the personal information tied to it.
The researchers recommend hotels to stop information in the URL and start implementing authentication measures on confirmation pages.