14 DAY TRIAL // TripAdvisor announces that hackers broke into its systems and walked away with a partial list of its members' email addresses.
TripAdvisor is the largest travel information website on the Internet, allowing users to post reviews about hotels and venues from around the world.
The company claims the website has around 20 million registered members and 40 million unique monthly visitors.
The security breach comes days after UK online retailer Play.com confirmed that its customer email address database was stolen from a third-party partner.
The compromise was linked to a breach at Silverpop, an US-based email marketing provider that had many Fortune 500 companies on its client list, including Walgreens, McDonald's and Honda Motor.
Unlike the Play.com incident, the TripAdvisor database breach happened because of a vulnerability in the website that has since been patched.
"No passwords were taken, and any and all password information is secure, TripAdvisor does not collect members' credit card or financial information, and we never sell or rent our member list," the company says.
It also notes that additional security precautions are being implemented to prevent similar incidents from occurring in the future.
No details were released about the actual size of the compromised email list or the type of vulnerability exploited in the attack.
Given that the user database was accessed it's possible that this was a case of SQL injection, a relatively common type of attack.
The biggest risk to affected customers is a rise in the amount of spam their receive, however, they might also face more targeted attacks.
Following the Silverpop compromise, for example, Walgreens customers were targeted in a phishing attack while Play.com members received spam that lead to malware.
Users are advised to exercise extra caution when dealing with links or attachments in emails, even if they appear to originate from trusted sources.