Travel advice site TripAdvisor has admitted that an unknown third party has penetrated the company's network, stealing part of the customer e-mail database.
The company's announcement indicates that 'a portion' of the database containing the e-mail addresses of the company's registered users was obtained by the third party following the exploitation of an undisclosed security hole in the company's network.
"While we're still investigating the details, we've identified the vulnerability, shut it down and are vigorously pursuing the matter with law enforcement," the company said in its statement to customers. "We are also are implementing additional security precautions to help prevent another incident in the future."
The details - which do not include passwords or any payment details - are thought to be in the process of being used as the target for spam e-mails, with the company warning that those affected are likely to see their spam volume increase substantially over the next few weeks.
TripAdvisor also warns its users to be on the lookout for 'phishing' attempts, where the attackers may e-mail customers asking for passwords and other personal details. "TripAdvisor will never ask you for your password or sensitive personal information over email," the company has told customers.
It's an embarrassing breach for the company, but one which is likely to have little overall impact: passwords were not disclosed, and the company doesn't take or store credit card or home address information, minimizing the amount of data which the attackers were able to plunder.