Members of travel review website TripAdvisor have been warned that hackers may have got their hands on their email addresses, following a security breach.
The website revealed an unauthorised third-party has "stolen" part of the website's members email address list.
The website said passwords had not been taken in most cases, and users won't be affected. However, some may receive spam messages as a result of the incident. Steve Kaufer, Co-founder and CEO of Trip Advisor, stressed that the website does not collect members' credit card or financial information, and it never sells or rents its member list.
"We've confirmed the source of the vulnerability and shut it down. We're taking this incident very seriously and are actively pursuing the matter with law enforcement," Kaufer said in an email sent to members.
"The reason we are going directly to you with this news is we think it's the right thing to do. As a TripAdvisor member, I would want to know. Unfortunately, this sort of data theft is becoming more common across many industries, and we take it extremely seriously."
According to Ross Brewer, vice-president and managing director for international markets at security firm LogRhythm, it's the regularity of these types of incident that suggest traditional approaches to IT security are no longer fit for purpose.
"This is the second time a well known website has been breached this week - just a few days ago it was Play.com with egg on its face, now it's TripAdvisor," he said.
"In addition to the traditional perimeter defences organisations typically deploy, organisations also need to adopt tools that enable them to monitor their extended IT infrastructures on a continual basis. Integrated log management and security information event management [SIEM] solutions allow companies to spot any suspicious activity as soon as it happens, acting as a vital safety net when perimeter solutions fail. "