Let’s cut to the chase. Some links on this site pay us referral fees for sending business and sales. We value your time and money and won't waste it. For our complete advertising policy, click here. The content on this page is not provided by any companies mentioned, and has not been reviewed, approved or otherwise endorsed by these entities. Opinions expressed here are the author's alone.

Hey Martin and Kim, hope you enjoyed your Easter Island tour from May 3rd-9th.

If your name is John Smith, you may not need to worry too much, but if your name is at all unique, or your social media profiles are easily viewed, this may be one of the creepiest things we’ve seen in quite a long time. Thanks to a tip off, we’ve found that many of the most rudimentary travel booking sites, for things like tours, guides and the like reveal your personal details, including email address, amount paid and more, with an ease that’s nothing short of appalling. In fact, we were able to view names, details, pick up points and amount paid for over 1700 bookings in mere minutes. And that’s just one site…

Easter Island, Anyone?

If you’ve ever been to Easter Island, or are going – there’s a very fair chance you booked with EasterIsland.Travel. It’s the #1 rated tour, hotel package and travel company in Easter Island, and without a doubt – it’s a great choice. There’s just one problem. They’re practically publicly broadcasting all of your personal information, which tour, how much you paid and your email address – oh – and where you’re getting picked up.

Serious Implications

This may not sound like too big of a deal to some, but with this information there’s just so much bad that could be done. The information could: allow someone to cancel or amend your booking, let burglars know you’re away, expose your hotel and personal travel plans, add your name to spam email lists (as if we don’t already get enough of them). And that’s just with basic Google searches. Anyone with the aim to cause harm could do much worse with this internet security flaw.

Privacy Breached

No one wants their privacy breached, but you could easily figure out how to pull up the details of anyone who booked. Yes, you. This isn’t some high level spy novel. The screenshots provided show just how easy it was, simply by switching out numbers. By doing so, anyone could quickly gain quite a lot of detail about unwitting strangers Easter Island plans, tours and where someone is staying. For a celebrity, this would be an absolute nightmare travel nightmare. If you ever come across a booking site, which seems to put a unique number into the web address after booking, be weary. By changing any number before yours you may be able to open pandoras box. Yikes.

Are There More

The answer is yes. In fact, it’s been proven in the past. A 2014 story from Current Affair, picked up widely across the media highlighted a similar such security flaw. After consulting tech experts, we were told this sort of issue is extremely common, especially within smaller travel businesses which rely on basic web tools. In a world of GDPR and other protections, it’s simply inexcusable. And as we’ve said – downright creepy. Lets hope this reputable tour company makes their online profile match their real life offerings, without any further public data leaking about you.

Responses are not provided or commissioned by the bank advertiser. Responses have not been reviewed, approved or otherwise endorsed by the bank advertiser. It is not the bank advertiser's responsibility to ensure all posts and/or questions are answered.

Get the travel tips you can't afford to miss delivered right to your inbox. Subscribe below!

Get the travel tips you can't afford to miss delivered right to your inbox. Subscribe below!

* indicates required

You have Successfully Subscribed!