Travelers have one more place to watch their backs when they’re on the road: the hotel business center.
The U.S. Secret Service on Monday confirmed it has warned the hotel industry about malware installed on computers in business centers that allow crooks to monitor every keystroke typed on a device, yielding a motherlode of personal data, such as passwords, user names and credit card information.
The report was first made public on Krebs on Security, and a Secret Service spokesman confirmed the warning to CNBC.
“The keylogger malware captured the keys struck by other hotel guests that used the business center computers, subsequently sending the information via email to the malicious actors’ email accounts,” according to the warning obtained by Krebs on Security. “The suspects were able to obtain large amounts of information including other guests personally identifiable information (PII), log in credentials to bank, retirement and personal webmail accounts, as well as other sensitive data flowing through the business center’s computers.”
The report, jointly issued with Department of Homeland Security’s National Cybersecurity and Communications Integration Center, said the advisory comes after the arrest of individuals suspected of attacking computers at several major hotels in the Dallas/Fort Worth area.
“We take that very seriously,” Scott Joslove, head of the Texas Hotel & Lodging Association, said of the advisory. “We have software in many of our business centers that limit how long people can be on the computer, and we try to put [the computers] in public areas where they can be seen,” Joslove said.
His association tries to keep its member hotels up to date on the latest threats, but it’s a problem that’s not unique to hotels. “It’s actually what you face in hotel business centers, computers at shopping malls or in your home,” Joslove said. “You can never stop trying to stay ahead of them.”
Earlier this year, the Secret Service initiated an investigation into a data breach at 14 hotels where malware was installed on the credit and debit card readers at the hotels’ restaurants and gift shops to steal customers’ names, credit card numbers, security codes and card expiration dates.