A family from County Antrim found themselves at the center of a scam that exposed a potential security loophole in an online travel agent’s booking system. Marion Tyler unwittingly fell victim to scammers after dialing a fake number when trying to contact loveholidays about a booking. This error led to the scammers gaining access to her account by coaxing her into sharing personal information.
Despite attempts to rectify the situation, Tyler’s daughter-in-law discovered that she could still access Marion’s account even after changing login details. This raised concerns that scammers could repeatedly infiltrate the system due to an issue with the platform’s authentication process. Loveholidays, however, defended its security measures, stating that their two-factor authentication process was industry standard and guaranteed the safety of customer data.
The family’s ordeal began when Marion Tyler booked a holiday to Lanzarote for herself, her daughter, and grandchildren through loveholidays.com. Thinking she was speaking to a representative from the company, she inadvertently disclosed sensitive details to scammers who then manipulated her into transferring £2,000 under false pretenses. Despite efforts to secure the account, scammers continued to tamper with the booking details, prompting fears that their access remained unrestricted.
Marie Tyler, Marion’s daughter-in-law, was astounded to find she could effortlessly access the compromised account without the need to log in again. This oversight raised concerns about the system’s vulnerability to persistent breaches. Action Fraud and the Information Commissioner’s Office were contacted to address data protection concerns, while the family sought reimbursement through their bank. Loveholidays acknowledged the security lapse, noting that the issue arose from customer negligence in sharing access with scammers and vowed to implement stricter protocols to prevent future breaches
Read the full article from The BBC here: Read More
