China-based internet security monitoring service Wooyun has exposed a possible security loophole in Ctrip, one of the country's biggest travel brands.
Last week, Wooyun reported a potential exposure of Ctrip's customer credit card information (stored on Ctrip's local server) to hackers.
Ctrip told Tnooz that the breach occurred when Ctrip was performing a system upgrade and carrying out testing.
Among the ten language sites which Ctrip runs, only the Chinese-language site - Ctrip.com - was affected.
Within two hours of the report by Wooyun, Ctrip conducted an "internal audit" and "removed the cause of the potential security concern", it says.
Ctrip confirmed that a total of 93 customers' credit card information had been downloaded by Wooyun for testing the security procedures. The credit cards were issued by mainland Chinese banks; international credit cards are not affected.
Since the incident came to light, Ctrip has provided dedicated phone support to answer customer queries, and has moved quickly to reassure customers that all online transactions are PCI compliant.
The company has also replaced all 93 credit cards, free of charge.
Ctrip denies speculation that a Ctrip customer's credit card was used for a product in the region of $3,000 over the weekend and claims no financial losses have been reported to it as a result of the incident.
Immediately after this incident, Ctrip set up a security reserve fund of $800,000 to reward white hat security teams who can help the company improve its information security system.