TripAdvisor says the breach will impact a “portion” of its membership, who could receive unsolicited emails as a result.
The firm has confirmed that an unauthorised third party has stolen some email details, but claims no password or financial information was taken.
Personal responsibility is a phrase that is being used increasingly in public debates around privacy and personal data protection.
Users of online services, many seem to believe, have a responsibility to protect themselves by following a few basic rules, rather than relying on service providers, no matter how well-known the brand.
Using different passwords for different sites is a must, says Paul Vlissidis, technical director at NGS Secure, part of NCC Group.
Remembering multiple passwords is a problem, but this easily overcome by using some kind of password vault software available from the open source community or within many commercial anti malware products.
Avoid saving card details to save time. Many sites offer this facility, but Vlissidis says it is safer not to give up control over this information.
Use the card brand security schemes such as Securecode and Verified By Visa, he says.
Making sure all website access uses the secure browser features (https instead of http) is another good practice, says Vlissidis, and finally, people should not use their email address as their user name.