Over 1,500 hotels in 54 countries fail to protect user information from advertisers and analytics companies. 67% of the studied cases, some level of personal information is leaked via booking reference codes. Data exposed this way may include the guest’s full name, phone number, email and payment card details. The data they’re privy to also allows them to cancel reservations. Two of the five services he tested leaked credentials, and another one did not send the login link over a secure connection. In Europe, these practices are in stark contrast with the General Data Protection Regulation (GDPR)
Source: https://www.bleepingcomputer.com/news/security/two-thirds-of-hotel-sites-leak-guest-booking-info-to-third-parties/