Travelodge UK compromised?

Yesterday I received a spam email. Not unusual, but note the destination email address:

Subject: Zoe OConnell
Date: Wed, 22 Jun 2011 10:58:33 -0400
From: Lorraine Ackerson <lorraineackersonas113@hotmail.com>
To: <zoe-travelodge@****.co.uk>

Greetings.
Don’t miss exciting business chance.
Reputable agency is looking for energetic worker in United Kingdom to help us expand our activity in the UK sector.

Necessity:
– 18+ United Kingdom resident
– Only operational knowledge of Internet & computer.
– Free access to personal e-mail box
– 2-3 free hours per day
– Fast replies on our written tasks
– Excellent organizational skills.

You can without problem combine our work with your primary work.
Great income potential. Free study possible.
Applicants must be honest and commerce motivated. Operate only few hours per day.
Everyone located in the United Kingdom can be our representative.
Our manager will e-mail you within few hours if you attracted.

—————-
Top News: taylor honored for boosting antelope island.

Note that it’s zoe-travelodge@… (You can guess what the full email is, but I don’t want to make life too easy for spammers to harvest addresses.) My mail system ignores anything after the dash and just puts it all in my mailbox, so that I can filter mail by source more easily and also spot who has been selling email addresses.
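The per-site address scheme described above can be checked mechanically. The following is an added example, not code from the original post: it extracts the tag after the dash from each recipient address and flags mail whose sender domain is not one expected for that tag. The `example.co.uk` mailbox domain, the `travelodge.example` sender domain, the `EXPECTED_SENDERS` table and both sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumption: tag -> domains allowed to write to that tagged address (placeholder domain).
EXPECTED_SENDERS = {"travelodge": {"travelodge.example"}}

# Constructed sample messages; addresses and domains are placeholders.
SPAM = ("From: Recruiter <recruiter@mailer.example>\n"
        "To: <zoe-travelodge@example.co.uk>\n"
        "Subject: Business chance\n\nGreetings.\n")
LEGIT = ("From: Bookings <bookings@mail.travelodge.example>\n"
         "To: <zoe-travelodge@example.co.uk>\n"
         "Subject: Your booking\n\nThanks.\n")

def split_tag(address, sep="-"):
    """'zoe-travelodge@example.co.uk' -> ('zoe', 'travelodge'); tag is None if absent."""
    local = address.rpartition("@")[0]
    mailbox, found, tag = local.partition(sep)
    return mailbox, (tag.lower() if found and tag else None)

def domain_allowed(sender_domain, allowed):
    """Exact match or subdomain match, so 'nottravelodge.example' does not pass."""
    return any(sender_domain == d or sender_domain.endswith("." + d) for d in allowed)

def check_message(raw, expected=EXPECTED_SENDERS):
    """Return one finding per tagged recipient that received mail from an unexpected domain."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1]
    sender_domain = sender.rpartition("@")[2].lower()
    findings = []
    recipients = msg.get_all("To", []) + msg.get_all("Cc", [])
    for _name, rcpt in getaddresses(recipients):
        tag = split_tag(rcpt)[1]
        if tag not in expected:      # untagged or unknown tag: nothing to compare against
            continue
        if not domain_allowed(sender_domain, expected[tag]):
            findings.append({"tag": tag, "recipient": rcpt, "sender_domain": sender_domain})
    return findings

if __name__ == "__main__":
    for label, raw in (("spam", SPAM), ("legit", LEGIT)):
        print(label, check_message(raw))
```

The From header is trivially forged, so a matching domain does not prove a message is genuine; the useful signal is a mismatch on an address that was only ever given to one site.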

The spammers also knew my full name. And I’m not the only one in this position, as several other users on Twitter have complained of the same thing. I’ve just emailed the Chief Executive of Travelodge, Guy Parsons (hat tip to @benjymous for finding his details), to ask exactly what was stolen:

Dear Mr. Parsons,

Yesterday, I received spam email to an email address that has only ever been used to register on the Travelodge site. This was clearly not just someone making up random addresses as the email was specifically to zoe-travelodge@****.co.uk and the spammer knew my full name. I am not the only one to have experienced this as since last night at least half a dozen other people who also use unique addresses for registering on web sites have complained about exactly the same situation on Twitter.

It would appear likely, unless Travelodge are in the habit of selling on personal details to unsavoury third parties, that your site has been compromised. I would be grateful if you could confirm that this is the case and also what other details were stolen so that those affected can take appropriate action – was this just names and email addresses or were payment details and postal addresses compromised too?

I shall let people know if I get a reply.

Update at 1315: Travelodge UK, via twitter, have stated: “Sorry for the spam email you may have received. We have NOT sold any data. We’re currently investigating this issue and will update you ASAP”

7 comments

  1. I got the same thing, was thinking they had sold them but compromised makes as much sense.

    BTW, you’ve left your full email in the copied email.

    ~Shepy

  2. Since mailing him, I’ve noticed he’s involved in some sort of charity cycle trip, so is probably still out of the country. Hopefully he’ll have a PA checking his mail.

  3. Snap!

    For anyone in the same boat, please e-mail Anne at customer.services@tra…dge.co.uk who is collating the information for their IT department and handling the matter. They DO seem to be taking it very seriously.

    For updates there’s a twitter tag on #travelbotch ( http://twitter.com/#!/search/%23travelbotch ).

    Jules
    x

    (Edited to obfuscate email address in an attempt to deter spam harvesting robots – Zoe)
