Hotel Guest Accidentally Shares Sensitive Information Over Public Wi-Fi

18 December 2015

If you are a frequent traveler who is constantly browsing on-the-go, you probably take advantage of public wi-fi networks to stay connected away from home. However, unsecured public networks can pose a serious security threat to those who treat them like their home networks. Earlier this year, a woman may have become a victim of identity theft while browsing on a hotel wi-fi network in the type of incident security analysts say “happens every day.”

The woman, who is concealing her identity because she is afraid her privacy has been violated, logged onto the wi-fi at her Winnipeg hotel shortly after checking in. Later that night, she received a call from another hotel guest logged onto the network who could see all of the personal information she had stored on her computer.

“He didn’t actually say who he was,” the woman told the CBC. “He said he was a guy sitting in the pub of the hotel having a drink on his cell phone, and he could access all of this information.”

He proceeded to describe to her everything he could see, a list that included her husband’s name, her passport, credit card numbers and photos. Before hanging up the phone, he urged her to log off of the network to protect her information.

Shortly thereafter, the woman realized her laptop’s file sharing feature was still active from the last time she was using her computer on her home network. Because she regularly travels outside of the country, she keeps a copy of her birth certificate and passport on her computer as backup, meaning they too were shared along with any other personal data she had stored on her laptop.

According to Michael Legary, who works for Winnipeg-based internet security company Seccuris, these types of breaches occur more often than you might think. “This is extremely common, to the point where a lot of folks don’t know the basics of locking down their computer,” he told the CBC. “Other individuals actually target that [behavior] and look for people using hotel services in an unprotected way, so this happens every day.”

To make sure your personal data isn’t accidentally compromised over an unsecured network, here are some precautions you can take:

  • Before logging on to public wi-fi networks, always make sure your file-sharing settings are turned off and that your computer firewalls are running.
  • If you can help it, try not to use unsecured wi-fi in the first place. Even if a network requires a password, others who have logged into their own sessions can use eavesdropping software to listen in to your computer’s “conversation” with the network. Instead, consider tethering your laptop or computer to a mobile device’s cellular network connection.
  • If you do need to connect to a public network, avoid visiting sites that require you to log in with a username or password, as these could be tracked and captured by cyber criminals lurking on the network. Be especially sure never to log into an account with which you have stored financial information, or to make purchases online over an unsecured network.

If you regularly use public wi-fi, even if you are careful while doing so, you should consider investing in a credit monitoring service. They can send you alerts to notify you of certain activity on your credit files that may indicate fraud, giving you the best opportunity to take charge of your accounts before fraudsters can deal severe damage to your finances.