Skip to main content

Hackers could have credit card numbers of 880,000 Orbitz users

Hackers may have gained access to as many as 880,000 credit cards by hacking into the Orbitz website. On Tuesday, March 20, the Expedia-owned travel-booking company shared that it had found evidence of a hacker gaining access to user data. The company doesn’t have evidence that the information was actually taken, but the access means user data could have been stolen.

The hack could include data from travelers that used the platform between January 1 and June 22, 2016. Partner programs using Orbitz have a much wider date range for vulerability, extending to Dec. 22, 2017. Orbitz said that, along with billing information, the hack also could have exposed other personal data including names, emails, phone numbers, billing addresses, and gender. The company’s investigation also suggests that travel itineraries, passport information, and social security numbers were not part of the hack.

Recommended Videos

The hacker gained access to an older version of the website, according to the company. The current booking platform is not part of that breach, Orbitz said.

Please enable Javascript to view this content

Orbitz discovered the hack earlier in March and since has launched an investigation to determine what data could have been affected. After discovering the vulnerability, the company said it hired a forensic investigative firm and also involved law enforcement.

In a statement, Orbitz said, “We deeply regret the incident, and we are committed to doing everything we can to maintain the trust of our customers and partners.”

Willy Leichtera, a cybersecurity expert with Virsec Systems, lauded the company for the promptness of its disclosure, but noted that access to the “older” site is just as troubling.

“First, it’s important to point out the Orbitz announced this breach relatively quickly – within 3 weeks. That may not sound fast, but compared to Equifax (6+ months) and Uber (never, until they got caught), Orbitz did the right thing.”

“What’s more unsettling is the idea that sensitive data for close to a million customers was available in a ‘legacy website.’ That makes it sound like it’s OK to neglect security on older systems while you focus on your latest, coolest apps. If it’s a public-facing website with real data, it’s not legacy – it’s live, and a real liability.”

For those 880,000 users that could have compromised data, the company is offering a year of credit and identity monitoring at no charge. Orbitz says it is notifying users that could have been affected by the breach, but travelers that booked within those dates can also call 855-828-3959 in the U.S. or 512-201-2214 outside the U.S. for additional information.

The breach isn’t the first time hackers have targeted travel platforms. Sabre announced a hack last year on the hotel booking platform. In 2011, a TripAdvisor hack compromised user emails, but the booking platform didn’t collect payment information from users.

Orbitz is owned by Expedia Inc. and offers online booking for flights, accommodations, and rental cars, as well as options like cruises and complete travel packages.

Hillary K. Grigonis
Hillary never planned on becoming a photographer—and then she was handed a camera at her first writing job and she's been…
Windows PCs now works with the Quest 3, and I tried it out for myself
i tried windows new mixed reality link with my quest 3 alan truly sits in front of a pc and adjusts virtual screen while wear

Microsoft and Meta teamed up on a new feature that lets me use my Windows PC while wearing a Quest 3 or 3S, and it’s super easy to connect and use. I simply glance at my computer and tap a floating button to use Windows in VR on large displays only I can see.

Meta’s new Quest 3 and 3S are among the best VR headsets for standalone gaming and media consumption. When I want more performance or need to run one of the best Windows apps that aren’t yet available in VR, I can connect to a much more powerful Windows PC.
Setting up Mixed Reality Link
Scanning Microsoft's Mixed Reality Link QR code with a Meta Quest 3 Photo by Tracey Truly / Digital Trends

Read more
How to transfer your books from Goodreads to StoryGraph
Front page of a book on Onyx BOOX Go 10.3 tablet.

Goodreads has been the only game in town for Android and iOS book-tracking for a long time now, and like most monopolies, it has grown old and fat. Acquired by Amazon in 2013, avid book readers have had lots to complain about in recent years, with the service languishing unloved, with no serious updates and an aging interface. It's been due some serious competition for a long time, and lo and behold, some has arrived. StoryGraph is a book-tracking app that offers everything you'll find on Goodreads but with an algorithm that lets you know about what you might love, and adds features any bibliophile will know are essential — like a Did Not Finish list.

Read more
I played Black Myth: Wukong on the new MSI handheld to prove it was possible
Black Myth: Wukong running on the MSI Claw 8 AI+.

I scoffed when MSI put the Claw 8 AI+ in my hands with Black Myth: Wukong selected. I'd spent 80 hours in the game on my full desktop packing an RTX 4090, and I knew just how demanding the game was. It's a pipedream for a handheld gaming PC.

I pressed Continue and loaded up at the Pool of Shattered Jade rest point -- the ideal spot to farm; if you know, you know -- and proceeded to run up to the cocoons spotted around the area, unleash my spirit ability, and run back. Sitting in a dimly-lit New York City bar, I continued the loop a few more times. I'd done plenty of farming in the game before.

Read more