

TripAdvisor's email list compromised - PonyGumbo
http://www.tripadvisor.com/vpages/more_information.html

======
burrows
Could this be any less technical? This seems to barely even qualify as
something to be show on hacker news.

It doesn't talk about the exploited service, the vulnerability, if it was
known, etc.

Instead they tell us 'signs of spam'.

~~~
nbpoole
It sounds like they're still investigating and will update the page when they
have more details to share. It's interesting because Play.com suffered a
similar breach recently (a third party company was the target, if I remember
correctly)

That being said, " _It affected a portion of our membership_ " is the least
useful answer to " _How many members were impacted?_ " that I have ever seen.

~~~
burrows
"We've identified the vulnerability, shut it down and are vigorously pursuing
the matter with law enforcement."

Is a pretty clear assertion that they are aware of how the attack took place
and know how to patch the issue.

~~~
nbpoole
Agreed. That doesn't mean they're going to publicly disclose all of the
details of the breach, especially before they've established its scope.

~~~
burrows
Definitely, my original point was that the information they released (or lack
thereof with regards to the technical aspect) made for an article lacking in
depth and not something I would generally want to see on hn.

Hopefully once damage control is complete, we'll learn more.

------
shabble
Oddly, their use of an all-capitalised SPAM contravenes the Hormel "acceptable
use" terms at <http://www.spam.com/about/internet.aspx>, as well as looking
extremely out-of-place in their text (I originally assumed the opposite, that
they were doing it to distinguish from Spam or spam).

Maybe they think it's an acronym?

