So you’ve gone ahead and booked a vacation package deal, ordered cheap airline tickets, and ultimately had a stress-free trip. Now you’re at the hotel where you’ll be staying for the next few nights. But are you safe?
Not just physically, but also digitally. With each passing year, more and more travelers are falling victim to data breaches and privacy invasions that are inconvenient at best but life-destroying at worst — all because of a few simple but costly hotel mistakes.
If you don’t want your next hotel stay to turn into an identity theft nightmare, here are some things to keep in mind.
1. Payment Details Can Be Stolen
2014 was the year of data breaches. Every few weeks, a new story would pop up about how this company or that company had their databases hacked and their data stolen: credit card numbers, login credentials, personal details, etc. It was an absolute mess.
Unfortunately, hotels are not immune to any of that.
During that same year, a hotel management company — the one that maintains big name brands like Hilton, Marriott, and Sheraton — fell victim to a data breach that affected at least 14 of their hotels across the country. This breach exposed the credit card and debit card details of guests who had stayed in those hotels during 2013.
More recently, in late 2015, Hyatt Hotels Corporation found malware on some of their payment-processing computers. While it isn’t yet clear if any credit card or debit card numbers were stolen, we do know that a lot of sensitive information was available on those computers and it’s possible that they were.
As a hotel guest, there isn’t much you can do about this. Each hotel is responsible for its own data security and it’s beyond your control whether or not they get breached. However, there are a few precautions you can take to minimize your risks against fraud.
First, always pay using credit cards because they offer more user protections than debit cards. (Just be careful to not fall into credit card debt.) Second, familiarize yourself with the warning signs of identity theft. That way, if something does go wrong, you can rectify the issue sooner rather than later.
2. Never Trust Public Wi-Fi Networks
Hotel Wi-Fi connections are hotbeds for security issues. Many people now realize and understand that public Wi-Fi is problematic for several reasons, but people tend to forget that hotel Wi-Fi is public Wi-Fi and should be treated as such.
Consider the “Dark Hotel” threat that surfaced in 2014 and affected hotels across the U.S., Germany, Ireland, and East Asia. When users connected to an infected hotel’s Wi-Fi network, they were prompted to “update” some well-known software like Adobe Flash — but in actuality, they’d end up unknowingly installing malware.
This bit of malware mainly recorded keystrokes and stole details like login credentials and online payment information. The hotel malware itself, which remained inactive for six months after initial infection, was spread through phishing techniques and exploited vulnerabilities in the Wi-Fi network setup.
And then in 2015, a vulnerability was found in InnGate network routers (which are used by many hotel Wi-Fi networks) that could distribute malware, record network data, and even hack into the hotel’s keycard system. Infected devices were found in at least 29 separate countries, most prominently in the U.S., Singapore, and the U.K.
Here’s the thing about hotel Wi-Fi networks: hackers have learned that hotel networks can be quite profitable. Rich business executives travel a lot, and when they do, they stay at hotels. Plus, hundreds — maybe even thousands — of guests could be connected to a single hotel network.
That’s a lot of data to collect and exploit. So the next time you’re in a hotel room and thinking about checking your online banking balance, you may want to reconsider. It’s impossible to know who might be eavesdropping on your connection and sniffing out your sensitive data.
Fortunately, there are ways to stay safe on public Wi-Fi, though they’ll require a bit of diligence on your part. At the very least, though, you should learn all of the common misconceptions about wireless networks so you are never caught off guard.
3. Hotel Doors & Safes Can Be Cracked
In a hotel, your computer isn’t the only thing at risk. If the hotel provides you with a safe or lockbox in your room, don’t be so quick to dump everything in there and expect it to remain untouched.
Your chance of being robbed may be low, but it’s definitely not zero. There are videos on the Internet that demonstrate how to crack different kinds of hotel lockboxes, and once you see how trivial the process is, you’ll second guess how effective those things really are.
And because these videos are floating around on the Internet, it’s best to assume that everyone — even the hotel maid — knows how to do this. It’s too bad that a lot of hotels still haven’t replaced their easily-cracked boxes because it’d be too expensive to do so.
Of course, for someone to break into your room safe, they’d first have to break into your room itself. Unfortunately, this can also be trivially easy in some cases.
How do you feel knowing that a simple marker is all it could take to bypass a door like the one above? Obviously it doesn’t apply to all kinds of doors, but it does raise an important question: how many electronic doors have vulnerabilities like that?
Consider the case of Cody Brocious, who discovered a way to exploit Onity door locks using a $50 device that he built himself. It wasn’t a perfect hack, but even an imperfect hack is seriously distressing when it comes to hotel safety and security.
Nowhere Is Safe, Not Even Hotels
To be clear, our aim isn’t to turn you paranoid. Millions of people stay at hotels every day without any nightmare scenarios dropping on their heads. However, these risks are out there, and awareness is key in case you ever fall victim to one of these problems.
Do you have any hotel horror stories related to these security risks? How do you keep your data secure when staying at a hotel? Share with us in the comments below!