TripAdvisor: E-mail addresses stolen in data breach

Popular travel site warns customers that a portion of its members' e-mail addresses have been stolen.

Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
Elinor Mills

If you use TripAdvisor you may soon be getting more spam. The travel site told customers in an e-mail today that someone had breached its network and stolen e-mail addresses for an undisclosed number of its members.

"This past weekend we discovered that an unauthorized third party had stolen part of TripAdvisor's member email list," Steve Kaufer, co-founder and chief executive, wrote in the e-mail. "We've confirmed the source of the vulnerability and shut it down. We're taking this incident very seriously and are actively pursuing the matter with law enforcement."

He did not divulge how many e-mail addresses were exposed, but said it was "only a portion of all member e-mail addresses." Meanwhile, passwords remained secure, he said, adding that the site does not collect credit card or financial information and does not sell or rent its member list.

In an FAQ on the TripAdvisor site the company said it is still investigating the incident and could not say when it occurred.