Potential Security Breach on Princess Website

[nasa1974]

Just logged into my app and the website. No problem.

[lennythenose]

I was able to log into my account from my phone but when I clicked on manage my cruise I got this error. Of course I’ve been getting this on and off for a couple of weeks so it may not be connected to the security issue at all. 

[voljeep]

2 minutes ago, lennythenose said:

I was able to log into my account from my phone but when I clicked on manage my cruise I got this error. Of course I’ve been getting this on and off for a couple of weeks so it may not be connected to the security issue at all. 

oh, the weekend's here ... I.T. will have a keg of beer ...🍻

[lennythenose]

13 minutes ago, voljeep said:

oh, the weekend's here ... I.T. will have a keg of beer ...🍻

 I used to work in IT for a major defense contractor. I can neither confirm nor deny this statement🤣

[ebeluga]

On 7/26/2024 at 10:22 AM, PescadoAmarillo said:

Has anyone seen any recognition or admission by Princess that this occurred?  Any place they’re giving passengers a heads-up to watch for suspicious activity?   

U.S. rule requires public companies to disclose cybersecurity breaches.  But if it is Princess' dumb IT's doing/mistakes, then it seems to be a grey area as far as disclosure or reporting is concerned.

[Wishing on a star]

A data breach, a corruption of private data, is still a breach, whether it is from the corporation or from an outside 'hacker'.  There is NO excuse for how this is being handled, from the very top corporate level down.  Just like the major issues with the roll-out and ongoing changes on the new ship.  

I wish we were in a position to switch everything over to another cruise line.  But, one that isn't a floating amusement park seems to come at a real price point right now.

 

I am just glad that we have no pressing reason to log in and try to do anything online with Princess right now.  Not sure if not being logged in has any effect on whether a persons info is displayed to somebody else. But...

Edited July 27 by Wishing on a star

[voljeep]

No excuses, of course ... but please post if this is the FIRST TIME that you have ever gotten a notification that a company has been "compromised" and certain information may have been leaked...

 

certainly not a first for us ... we deal with it pro-actively ... and move on

 

it's the ____________ that we have chosen to deal with in our purchases and online activities.

[dog]

12 minutes ago, voljeep said:

No excuses, of course ... but please post if this is the FIRST TIME that you have ever gotten a notification that a company has been "compromised" and certain information may have been leaked...

 

certainly not a first for us ... we deal with it pro-actively ... and move on

 

it's the ____________ that we have chosen to deal with in our purchases and online activities.

Recently was offered $50 for blood work being leaked.. ha!

I am checking my accounts daily.

I was not logged in to the website when my app sent me to someone elses’s personalizer.

[Wishing on a star]

That is the thing.

When we clip to pull up the APP, on iPhone, it is like it automatically knows that it is us (like cookies?) and takes us to our next upcoming cruise/bookiing, that we have been looking at, dining, etc...

It is automatic...

No logging in necessary.

We have the APP on DH's phone, and I believe this is how it has been working/operating.

 

Of course, online, you have to be logged in, or enter the specific booking info, to pull up a booking.

 

[JamieLogical]

2 hours ago, voljeep said:

No excuses, of course ... but please post if this is the FIRST TIME that you have ever gotten a notification that a company has been "compromised" and certain information may have been leaked...

 

certainly not a first for us ... we deal with it pro-actively ... and move on

 

it's the ____________ that we have chosen to deal with in our purchases and online activities.

 

Except Princess hasn't notified anyone of anything.... At least in the past, companies who have potentially lost my data admitted it and offered me some credit monitoring as compensation.

[FRFLI]

Companies typically “own up” when the media gets involved. 😳

[memoak]

53 minutes ago, JamieLogical said:

 

Except Princess hasn't notified anyone of anything.... At least in the past, companies who have potentially lost my data admitted it and offered me some credit monitoring as compensation.

Heck AT&T had a breach over a year ago and just notified people

[EllieinNJ]

I just got notified by Ticketmaster about a breach and I think their breach was quite a while ago too.

[JamieLogical]

11 hours ago, memoak said:

Heck AT&T had a breach over a year ago and just notified people

 

But that AT&T breach didn't include any PII. It just included information about which phone numbers called/texted other phone numbers. No names, credit card info, SS numbers, passport numbers, etc. Also, just because the breach happened a year ago doesn't mean that's when the knew it happened. They could have found out about it much later, whereas Princess clearly knows that this incident happened it is all over social media and they have taken down their login services several times as they have worked to resolve it.

[twotravelersfromflorida]

I just looked at the cruise we are taking in December to see if friends could still book and found the room we are booked in listed as available.  If I log in to the site and go to my booking, it shows the room as ours, yet I then checked for new bookings and my room still shows as available.  Anyone else found this issue?

[HaveDogWillTravel]

2 minutes ago, twotravelersfromflorida said:

I just looked at the cruise we are taking in December to see if friends could still book and found the room we are booked in listed as available.  If I log in to the site and go to my booking, it shows the room as ours, yet I then checked for new bookings and my room still shows as available.  Anyone else found this issue?

Uggh that’s not good. I get an error message when I try to choose a cabin.  I’ve tried several itineraries.  So while I can’t check at the moment I will keep trying. Thanks for the 411

[Treasure Hunter]

Do you think it’s possible to double sell a room. Sort of like the three Bears and Goldilocks. Could you arrive at your room and find another person there?

[HaveDogWillTravel]

10 minutes ago, Treasure Hunter said:

Do you think it’s possible to double sell a room. Sort of like the three Bears and Goldilocks. Could you arrive at your room and find another person there?

Lord only knows. Princess IT could seriously be 3 people who are completely overwhelmed.  Adam has been in the tech industry for 25 years.  One of his very good friends who works at Apple was over for dinner and was on his laptop fixing an issue with iMessage.  We are used to this 24/7 type of remote work so it wasn’t weird at all. But what shocked me (not Adam of course) was that Travis said it was just him and another guy who managed all of iMessage for Apple. 
 

 

 

oh and I can check cabin availability as long as I’m not logged in. Go figure. 

Edited July 28 by HaveDogWillTravel

[Boku]

Was this a breach or a database malfunction? The answer must dictate the response from Princess.

[Cruise Raider]

36 minutes ago, Boku said:

Was this a breach or a database malfunction? The answer must dictate the response from Princess.

Without Princess chiming in, how can we know? 
I know where I used to work, we were always to do testing using data from a test database whenever implementing a change in our programs.  I’m really hoping that was the case with Princess when they changed the pricing displays and not actual passenger data.  
 

[HaveDogWillTravel]

59 minutes ago, Boku said:

Was this a breach or a database malfunction? The answer must dictate the response from Princess.

First it is an issue with authentication for access. Then it could become a breach if bad people find out and steal information.  The first thing Adam did when I told him is he checked multiple sites ( twitter was one but he uses some I’ve never heard of but tech geeks use) and said he didn’t see any postings there.  He said that was good but of course no guarantee that hackers didn’t take advantage of the flaws. So we don’t know if our data was breached or not. And Princess may not know yet. 

Edited July 28 by HaveDogWillTravel

[ebeluga]

3 minutes ago, HaveDogWillTravel said:

First it is an issue with authentication for access. Then it could become a breach if bad people find out and steal information.  The first thing Adam did when I told him is he checked multiple sites ( twitter was one but he uses some I’ve never heard of but tech geeks use) and said he didn’t see any postings there.  He said that was good but of course no guarantee that hackers didn’t take advantage of the flaws. So we don’t know if our data was breached or not. And they may not know yet. 

Usually a breach by high quality hackers is very stealth. This Princess thing is so dumb obvious!!!

[HaveDogWillTravel]

6 minutes ago, ebeluga said:

Usually a breach by high quality hackers is very stealth. This Princess thing is so dumb obvious!!!

True. But there’s chatter on the channels he looks at. No chatter is of course no guarantee.  He’s not losing any sleep over it. He’s been painting the garage and working in the garden. 

[JamieLogical]

1 hour ago, Boku said:

Was this a breach or a database malfunction? The answer must dictate the response from Princess.

 

Does it matter? People who shouldn't have access to other users' data had access to all sorts of other people's PII. Whether those people were hackers or just idiots posting screenshots on Facebook, people's data was compromised.

[broberts]

1 hour ago, Boku said:

Was this a breach or a database malfunction? The answer must dictate the response from Princess.

 

It might dictate the response by Princess IT techs, but it should not affect outward facing response.

 

The fact that a user is involuntarily presented with private data of another user makes this a beach of the Princess privacy policy. Sadly, Princess appears to be an ostrich.