Good reminder not to share your travel info on the internet

[aborgman]

16 minutes ago, SwordBlazer Cruising said:

How can anyone blame the cruiseline and say it's a security issue?

 

Because allowing someone to cancel someone else's cruise, with just a last name and booking number, both of which get repeatedly sent in unsecured emails... is just really, really lax security.

 

Like... 2003 called on your landline and warned you not to post your booking info on MySpace levels of lax.

 

"The same can be done for a Southwest ticket, Delta, and the list goes on."

You aren't wrong - which is why 89% of the travel industry failed in the security audits I mentioned.

 

This is not a Carnival security issue - this is an "almost the entire travel industry" has unacceptably lax security issue.

Edited June 28 by aborgman

[ontheweb]

4 hours ago, SwordBlazer Cruising said:

How can anyone blame the cruiseline and say it's a security issue? The consumer allowed her private information public and from her account, someone followed the normal path to cancel her booking. Sure, there could be another layer to authenticate if its the real person but a security "flaw" would be someone hacking into her crusieline loyalty account and taking her booking details that way. Its falls on her and her husband 1000%. The same can be done for a Southwest ticket, Delta, and the list goes on. The cruiseline offered her compensation and she was greedy and now gets nothing. 

I don't know if you can really say she got nothing. She got her few minutes of fame, and by the way she seems to be basking in that, I would say it is something she has really enjoyed.

[BlerkOne]

1 hour ago, ontheweb said:

I don't know if you can really say she got nothing. She got her few minutes of fame, and by the way she seems to be basking in that, I would say it is something she has really enjoyed.

Probably has already monetized it for more than her alleged losses.

[vwrestler171]

On 6/28/2024 at 6:04 AM, SwordBlazer Cruising said:

How can anyone blame the cruiseline and say it's a security issue? The consumer allowed her private information public and from her account, someone followed the normal path to cancel her booking. Sure, there could be another layer to authenticate if its the real person but a security "flaw" would be someone hacking into her crusieline loyalty account and taking her booking details that way. Its falls on her and her husband 1000%. The same can be done for a Southwest ticket, Delta, and the list goes on. The cruiseline offered her compensation and she was greedy and now gets nothing. 

The fact that all you need is a booking number and you cancel a booking is laughable.  Sadly, it wouldn't be that hard.  All I would need is an email and I could probably cancel it. Carnival and the entire travel industry are in danger of negligence since this came up if they do not make any changes in the future.  

[SwordBlazer Cruising]

19 minutes ago, vwrestler171 said:

The fact that all you need is a booking number and you cancel a booking is laughable.  Sadly, it wouldn't be that hard.  All I would need is an email and I could probably cancel it. Carnival and the entire travel industry are in danger of negligence since this came up if they do not make any changes in the future.  

Nah, whats laughable is that silly consumer who invited this issue by posting her booking information on social media. Don't confuse negligence with being culpable + stupidity .

[BlerkOne]

23 minutes ago, vwrestler171 said:

The fact that all you need is a booking number and you cancel a booking is laughable.  Sadly, it wouldn't be that hard.  All I would need is an email and I could probably cancel it. Carnival and the entire travel industry are in danger of negligence since this came up if they do not make any changes in the future.  

You would need more than just a booking number.

[vwrestler171]

18 minutes ago, SwordBlazer Cruising said:

Nah, whats laughable is that silly consumer who invited this issue by posting her booking information on social media. Don't confuse negligence with being culpable + stupidity .

 

Once a security flaw is identified, it is on them to fix it.

 

15 minutes ago, BlerkOne said:

You would need more than just a booking number.

 

Booking number and last name, and the last name is easily found.  

[SwordBlazer Cruising]

6 minutes ago, vwrestler171 said:

 

Once a security flaw is identified, it is on them to fix it.

 

 

Booking number and last name, and the last name is easily found.  

Its not a flaw when the correct path was used to cancel a booking. If thats the case then hundreds of bookings would fave the same fate each and every week. This issue is on the consumer, full stop. 

[BlerkOne]

9 minutes ago, vwrestler171 said:

 

Once a security flaw is identified, it is on them to fix it.

 

 

Booking number and last name, and the last name is easily found.  

and PIN if cancelling over the phone, which was not what allegedly happened.

 

Someone allegedly created a duplicate account, which takes a first and last name, date of birth, phone number and more. If this happened at all, it was identity theft, as Carnival has said.

 

Meanwhile, while the grifter hasn't posted anything else that has been picked up, so either she shut up of someone shut her up. But the virus (false rumor) carries on.

Edited June 29 by BlerkOne

[CountryStyleMe]

On 6/2/2024 at 6:20 PM, tidecat said:

PINs can be compromised too as people tend to use things like birthdates. Requiring two-factor authentication would also be a huge deterrent to something like this happening.

Pins can also be hacked quite easily with the help of AI (same as Facial and Finger Print scans needing to be taken at Airports and Cruise Ports in 2025 - 2028 when it launched and each Country will have a copy of them to make it quicker and easier for everyone getting through border control. 

[BlerkOne]

11 minutes ago, CountryStyleMe said:

Pins can also be hacked quite easily with the help of AI

These PIN numbers are are given verbally over the phone. Yes, phones and emails can be intercepted, but I think most people with a brain need the reward to be greater than the risk.

[BlerkOne]

or over the phone. Seems to be scamming season

 

https://nypost.com/2024/07/19/us-news/scammer-cancels-unsuspecting-calif-familys-900-carnival-cruise-trip-just-days-before-ship-set-sail/

[pc_load_letter]

Did we do this one yet? Says she did not post any information on the internet. 

 

Said some called her asking if she wanted an upgrade. Then she gave them money. Then cruise was cancelled.

 

https://nypost.com/2024/07/19/us-news/scammer-cancels-unsuspecting-calif-familys-900-carnival-cruise-trip-just-days-before-ship-set-sail/

 

 

[staceyglow]

15 minutes ago, pc_load_letter said:

Did we do this one yet? Says she did not post any information on the internet. 

 

Said some called her asking if she wanted an upgrade. Then she gave them money. Then cruise was cancelled.

 

https://nypost.com/2024/07/19/us-news/scammer-cancels-unsuspecting-calif-familys-900-carnival-cruise-trip-just-days-before-ship-set-sail/

 

 

I would bet anything that she responded to some sort of phishing email or text about a fake upgrade.  Then they cancelled her cruise with the real Carnival when she disputed the charge.

 

That's something that could happen with any business one deals with.

 

That being said, it's something that would never happen to someone who uses a PVP exclusively.

[ontheweb]

32 minutes ago, staceyglow said:

I would bet anything that she responded to some sort of phishing email or text about a fake upgrade.  Then they cancelled her cruise with the real Carnival when she disputed the charge.

 

That's something that could happen with any business one deals with.

 

That being said, it's something that would never happen to someone who uses a PVP exclusively.

Also would not happen with a cruise booked by a TA. Because of the "loss of control", only the TA could cancel the cruise acting for the client.

[BlerkOne]

1 hour ago, staceyglow said:

I would bet anything that she responded to some sort of phishing email or text about a fake upgrade.  Then they cancelled her cruise with the real Carnival when she disputed the charge.

 

That's something that could happen with any business one deals with.

 

That being said, it's something that would never happen to someone who uses a PVP exclusively.

 

56 minutes ago, ontheweb said:

Also would not happen with a cruise booked by a TA. Because of the "loss of control", only the TA could cancel the cruise acting for the client.

Never say never.

 

[staceyglow]

1 minute ago, BlerkOne said:

 

Never say never.

 

If I deal only with my PVP, whose name pops up on the phone when she calls, who has a dedicated extension we type in when call her, and whose voice I recognize, I don't see how this could happen to me.  

[BlerkOne]

2 minutes ago, staceyglow said:

If I deal only with my PVP, whose name pops up on the phone when she calls, who has a dedicated extension we type in when call her, and whose voice I recognize, I don't see how this could happen to me.  

You can't stop a dedicated hacker.

[jimbo5544]

31 minutes ago, BlerkOne said:

You can't stop a dedicated hacker.

more fact than fiction in that statement

[staceyglow]

3 hours ago, BlerkOne said:

You can't stop a dedicated hacker.

That wasn't hacking, that was phishing.  🙂

With phishing, it is the victim that gives the information to the scammer.

[mikayla73]

never mind

Edited July 22 by mikayla73

[pe4all]

I understand the second example of getting scammed - it was an upgrade "sale", and the scammer got $$ for their effort- until the charge was disputed.  I do not understand what the person who cancelled the other family's $15,000 cruise got out of it - except the satisfaction of possibly destroying a family's vacation.  

[DeniseTr]

On 6/2/2024 at 5:59 PM, ChutChut said:

I have a slightly different take on this situation. Sure - posting sensitive info online isn't uber bright and, yes, someone took advantage of that to cancel their reservation. But - didn't Carnival resell that suite? Isn't that why the couple couldn't get their cabin back? If Carnival did, indeed, sell (even if someone "won" a purchased upgrade, etc.) that cabin, it benefitted more as a result. I'm not saying that Carnival did anything "wrong." I'm just saying that, in this unfortunate situation, it appears Carnival didn't (and won't) lose any revenue if it gives the couple a full FCC, etc. Again, I don't know all of the particulars but this was a very unfortunate circumstance all around. But if Carnival benefitted in any way from it (additional revenue, etc.), I don't think that's right.

For all Carnival knows, they cancelled it themselves and tried to scam the system claiming it was someone else.

I can't fault Carnival for following policies the customer agreed to, but they certainly tried to make it right. 

[DeniseTr]

On 6/5/2024 at 9:35 AM, pc_load_letter said:

It would not be hard for Carnival to implement any form of multi factor authentication for their website. When dealing with purchases of potentially thousands of dollars, I would welcome that change.

 

But doing some googling this morning, it would seem that there are a great number of laws on the books that punish the "do-er" of computer fraud but I can't find anything that holds the company liable. 

 

https://www.justice.gov/jm/jm-9-48000-computer-fraud

2 factor Auth would be expensive to implement and cause a lot more calls to customer service, but I agree, something that would be good. 

I don't believe she didn't receive a cancelation email, I recieve emails every time I make a transaction with carnival.

[DeniseTr]

On 6/13/2024 at 1:17 PM, BlerkOne said:

Hopefully they are investigating her 

Carnival's system should be logging information about what IP address cancelled the reservation. (This can easily be traced right back to the user)

Wouldn't shock me to see her indicted for attempted fraud.