How hackers can ruin your summer vacation

From airports to hotels to that cute cafe you found, it just takes one cybersecurity slipup to turn your holiday into a nightmare.

Alfred Ng Senior Reporter / CNET News
Alfred Ng was a senior reporter for CNET News. He was raised in Brooklyn and previously worked on the New York Daily News's social media and breaking news teams.
Alfred Ng
4 min read
Watch this: Stay hacker-free on vacation: Go 'electronically naked'

It was the Summer Olympics in 1996 in Atlanta. Ken Spinner, then a systems consultant -- and tourist in the city -- lost his credit card information.

But this was more than two decades ago, so it happened the old-fashioned way: a mugging at the ATM.

Today, hackers can steal your credit card information without leaving their couches. That's particularly worrisome if you're taking off for the summer. It's peak vacation time, but it's also the perfect season for hackers.

As Americans take more than 657 million trips between the Memorial Day and Labor Day weekends, they're vulnerable to cyberattacks that steal their credit card data and personal information. For cyberthieves, resort hotels and airports make for lucrative hunting grounds.

It's no different from why thieves and pickpockets target tourists on vacation: They're in an unfamiliar setting, they have their guard down and, more importantly, they've got money.

"It's like why people rob banks. That's where the money is," said Scott Petry, co-founder of the secure browser Authentic8. "If people go to vacation, they go to resorts."

From a cybersecurity perspective, hotels aren't exactly bastions of relaxation. Over three months in 2016, more than 1,200 InterContinental Hotels suffered hacks. Malware has also hit President Donald Trump's luxury hotel chain, along with Sheraton, Westin, Starwood, Marriott, Hyatt, Kimpton and Wyndham hotels -- the list goes on.

In every one of those breaches, thieves stole credit card information from the hotels, leaving thousands of unsuspecting customers open to getting robbed. It's not just your money these hotels are losing; addresses, phone numbers, names, and check-in and check-out times are all fair game.

Laptop using Wi-Fi at the beach.
Enlarge Image
Laptop using Wi-Fi at the beach.

In the age of unsecured Wi-Fi, there's more than one way to get burned at the beach.

Aaron Robinson/CNET

"Point-of-service systems have become notoriously insecure," said Adam Levin, a consumer advocate and chairman of Cyberscout. "Can you think of anyone that hasn't had a [breach] at a hotel? There are very few that have escaped so far."

Because many hotels are chains, one breached location means hackers can break into the entire network for the "mother lode of information," Levin said. The stolen information can be sold online for up to $50 per account.

The majority of incidents start from a single employee at a hotel getting phished, he added.

So even if your family takes all the precautions to keep your credit card information safe, and the hotel you stay at is safe, it could be a part of a compromised network. You could do nothing wrong and still lose.

Levin suggests that hotels invest more in encryption and in testing their security systems regularly.

But the breaches don't stop at hotels. Airports, coffee shops, beaches -- any place with open Wi-Fi, really -- should have you on the lookout.

Safe travels

Don't fret too much, though. There are still ways to keep yourself safe.

When you're traveling and don't have your precious home or office internet access, be wary of any public Wi-Fi network you jump on. You might be setting yourself up for a man-in-the-middle attack.

That's when a thief will set up a bogus hotspot, made to look exactly like the public Wi-Fi you wanted to get on, like the hotel lobby's or the airport's. When you sign on, you're actually sending all your data to the hacker, without any warnings that you're being compromised in plain sight.

It happens so frequently that in Singapore more people are afraid of using public Wi-Fi than public toilets.

"People typically have their guard down when they're on vacation," said Spinner, now vice president of field engineering at software protection company Varonis. "They won't consider what the implications are if they go to a rogue Wi-Fi hotspot."

Spinner recommends avoiding banking websites or typing in sensitive information, and he encourages always using an encrypted connection.

In some more extreme cases, he'll recommend going "electronically naked." That means leaving every piece of technology at home: your phone, your laptop, your tablet, your iPad -- you know, everything.

There are entire retreats dedicated to detoxing from digital life, so the idea of going on vacation without any technology isn't as farfetched as you may think. Spinner said he does it anytime he visits China or Russia. He explained it's because that's where "hackers emanate from."

Enigma Software took a look at cities in the US, Canada and Europe that have the highest malware infection rates, though not all of the victims are people vacationing.

"IT and cybertechnology has changed since the Atlanta Olympics, but I think it's becoming harder and harder for people to keep their information private," Spinner said.

If you're heading to any of these cities, consider going electronically naked:

US Canada Europe
  • Orlando (1,146% higher than
    the national average infection rate)
  • St. Louis (958% higher)
  • Denver (759% higher)
  • Atlanta (738% higher)
  • Tampa (696% higher)
  • Ottawa (1,031% higher)
  • Trois-Riveres (153% higher)
  • Montreal (122% higher)
  • Burlington (110% higher)
  • Toronto (80% higher)
  • Lisbon (473% higher)
  • Paris (223% higher)
  • Athens (214% higher)
  • Amsterdam (147% higher)
  • Barcelona (96% higher)

Tech Enabled: CNET chronicles tech's role in providing new kinds of accessibility.

Batteries Not Included: The CNET team reminds us why tech is cool.