• The TUGBBS forums are completely free and open to the public and exist as the absolute best place for owners to get help and advice about their timeshares for more than 30 years!

    Join Tens of Thousands of other Owners just like you here to get any and all Timeshare questions answered 24 hours a day!
  • TUG started 30 years ago in October 1993 as a group of regular Timeshare owners just like you!

    Read about our 30th anniversary: Happy 30th Birthday TUG!
  • TUG has a YouTube Channel to produce weekly short informative videos on popular Timeshare topics!

    Free memberships for every 50 subscribers!

    Visit TUG on Youtube!
  • TUG has now saved timeshare owners more than $21,000,000 dollars just by finding us in time to rescind a new Timeshare purchase! A truly incredible milestone!

    Read more here: TUG saves owners more than $21 Million dollars
  • Sign up to get the TUG Newsletter for free!

    60,000+ subscribing owners! A weekly recap of the best Timeshare resort reviews and the most popular topics discussed by owners!
  • Our official "end my sales presentation early" T-shirts are available again! Also come with the option for a free membership extension with purchase to offset the cost!

    All T-shirt options here!
  • A few of the most common links here on the forums for newbies and guests!

Unsecured WiFi at Hotel

Timeshare Von

TUG Review Crew: Expert
TUG Member
Joined
Mar 13, 2006
Messages
7,081
Reaction score
1,759
Points
599
Location
Milwaukee, WI
Resorts Owned
Wyndham (77k points at Myrtle Beach/Westwinds)
You know, you're always forewarned about the unsecured WiFi at hotels and other places. I rarely have worried about it, but have learned my lesson the hard way.

While staying in Montana, I did use the free WiFi at my hotel. It appears that my activity was logged by a hack who then accessed by AOL account, along with my IgoUgo.com and Trip Advisor accounts.

First thing they did was change my AOL password and some settings which caused me to lose all of my saved emails regarding several recent & future trips. This was my first signal this morning that something was UP.

Then I got an email from one of my IgoUgo editors indicating that my photo and profile had been changed and they subsequently deleted it all. They asked that I repost accordingly, and suggested I change my password.

Finally, I went to TripAdvisor's Montana forum this morning in order to update a forum thread I was contributing to . . . only to find that my Thursday evening post had been deleted on Saturday at 3:47am (I was on the train and had not had access to the internet since approximately Friday at 6:30a!) I also checked my profile there only to learn the hacker changed my password and email contact info to some bogus .gmail account.

I've been able to fix the AOL password issues but lost all of the content deleted. I was also able to fix the issues with IgoUgo.com. Unfortunately, because TripAdvisor requires your current password to change to a new one, and I don't know what this yutz changed it to, I cannot change it easily. Additionally, in trying to change it an email to their email address was generated advising that "someone" is trying to change "their" password.

I have an email into TripAdvisor regarding the issue but no response yet. What a nightmare!

I'm just thankful I did not access any banking info from on the road via this unsecured WiFi connection. Word to the wise . . .
 

linsj

TUG Review Crew: Veteran
TUG Member
Joined
Aug 20, 2006
Messages
2,216
Reaction score
447
Points
443
Location
Indianapolis
Resorts Owned
HGVC
This is why I pay $40/year for Witopia, a personal VPN that encrypts my Internet traffic both ways. I have to do more than email and Web browsing, including online bill paying, while out of town, so it's worth the expense to me.
 

Timeshare Von

TUG Review Crew: Expert
TUG Member
Joined
Mar 13, 2006
Messages
7,081
Reaction score
1,759
Points
599
Location
Milwaukee, WI
Resorts Owned
Wyndham (77k points at Myrtle Beach/Westwinds)
This is why I pay $40/year for Witopia, a personal VPN that encrypts my Internet traffic both ways. I have to do more than email and Web browsing, including online bill paying, while out of town, so it's worth the expense to me.

Good to know . . . I'll pass this on to my hubby who handles our home IT needs :) Thanks!!!
 

dioxide45

TUG Review Crew: Expert
TUG Lifetime Member
Joined
May 20, 2006
Messages
48,387
Reaction score
19,848
Points
1,399
Location
NE Florida
Resorts Owned
Marriott Grande Vista
Marriott Harbour Lake
Sheraton Vistana Villages
Club Wyndham CWA
What did they have to gain? Other than to cause havoc?
 

SOS8260456

TUG Member
Joined
Jun 7, 2005
Messages
1,174
Reaction score
7
Points
248
Location
NE Pennsylvania
What did they have to gain? Other than to cause havoc?

Sometimes I think that is all they want to do. It takes all kinds in this crazy world we live in.

Sorry for the trouble you are dealing with and hope you can get it all straightened out.

I hope alot of bad karma goes to the hacker,
 

pjrose

TUG Review Crew: Veteran
TUG Member
Joined
Oct 28, 2005
Messages
8,739
Reaction score
15
Points
473
Location
Central PA USA
I suppose they could gain the login to your bank account and credit cards if you're doing any of that on vacation.

What can we do to prevent this?
 

dioxide45

TUG Review Crew: Expert
TUG Lifetime Member
Joined
May 20, 2006
Messages
48,387
Reaction score
19,848
Points
1,399
Location
NE Florida
Resorts Owned
Marriott Grande Vista
Marriott Harbour Lake
Sheraton Vistana Villages
Club Wyndham CWA
I suppose they could gain the login to your bank account and credit cards if you're doing any of that on vacation.

What can we do to prevent this?

That information is usually transmitted over a 128 bit encryption. I am thinking that the AOL and TripAdvisor stuff wasn't.
 

Nickfromct

TUG Member
Joined
Apr 5, 2009
Messages
596
Reaction score
13
Points
378
Location
Fort Lauderdale, FL
I suppose they could gain the login to your bank account and credit cards if you're doing any of that on vacation.

What can we do to prevent this?

If there is a choice between wired and wireless internet. I always use the wired. If we need wireless for some reason, like multiple devices in the room I bring my own travel router which is password protected.
 

BoaterMike

TUG Member
Joined
May 1, 2010
Messages
637
Reaction score
1
Points
228
Location
St. Louis, MO, Gettysburg, PA
Resorts Owned
Royal Caribbean, Royal Haciendas, Marriott Grand Chateau,
What can we do to prevent this?

Either use a secure personal travel router like Nickfromct says or a personal vpn like linsj mentioned. I use the personal vpn myself when I travel. It runs about $50 per year and is worth it for the peace of mind.

That information is usually transmitted over a 128 bit encryption. I am thinking that the AOL and TripAdvisor stuff wasn't.

True, if the gateway or router was security enabled. If not, a novice hacker could easily access the computer on an unsecure network even though the web page was secure.

Reasonable caution is always a good thing.

Mike
 

Timeshare Von

TUG Review Crew: Expert
TUG Member
Joined
Mar 13, 2006
Messages
7,081
Reaction score
1,759
Points
599
Location
Milwaukee, WI
Resorts Owned
Wyndham (77k points at Myrtle Beach/Westwinds)
What did they have to gain? Other than to cause havoc?

Since the only content that was messed with was my positive comment on TripAdvisor regarding my experience at the Best Western Rocky Mountain Lodge, it could have been a disgruntled employee or perhaps a competitor hotel in the area. It's easy enough to access an unsecured WiFi (BW didn't even have a "user ID" code for guests to log-in with), that someone could sit in the parking lot or within a block or so to log into their system.

The hacker also went into my IgoUgo account and changed my photo and posted some rather lewd info into my profile . . . perhaps making it personal.

Who knows other than maybe idle hands and stupid minds!
 
Last edited:

Timeshare Von

TUG Review Crew: Expert
TUG Member
Joined
Mar 13, 2006
Messages
7,081
Reaction score
1,759
Points
599
Location
Milwaukee, WI
Resorts Owned
Wyndham (77k points at Myrtle Beach/Westwinds)
That information is usually transmitted over a 128 bit encryption. I am thinking that the AOL and TripAdvisor stuff wasn't.

My DH said there is software out that that hackers can use to actually access people who are online via an unsecured connection, that allows them (the hacker) to see everything on their screen that I would have been seeing and doing online.

The only password ID connections I accessed from the hotel were my T/SVon AOL account and the two travel sites (IgoUgo & TripAdvisor).
 

Timeshare Von

TUG Review Crew: Expert
TUG Member
Joined
Mar 13, 2006
Messages
7,081
Reaction score
1,759
Points
599
Location
Milwaukee, WI
Resorts Owned
Wyndham (77k points at Myrtle Beach/Westwinds)
Either use a secure personal travel router like Nickfromct says or a personal vpn like linsj mentioned. I use the personal vpn myself when I travel. It runs about $50 per year and is worth it for the peace of mind.



True, if the gateway or router was security enabled. If not, a novice hacker could easily access the computer on an unsecure network even though the web page was secure.

Reasonable caution is always a good thing.

Mike

I will obviously need to have my home IT guy (DH) figure out a game plan so that we do not incur in the future. I suppose I've been fortunate given the amount of travel I do to, and the amount of unsecure WiFi use I've had in the past. I feel rather stupid to have fallen victim this time but am glad to have not conducted any business via the internet over the unsecured access.
 

Sandi Bo

TUG Review Crew
TUG Member
Joined
Mar 22, 2011
Messages
5,391
Reaction score
5,254
Points
598
Location
Omaha
Resorts Owned
Wyndham
Oh geez, sorry for you troubles. Thank you for posting as it a good reminder to be cautious.
 

Passepartout

TUG Review Crew: Veteran
TUG Member
Joined
Feb 10, 2007
Messages
28,652
Reaction score
17,480
Points
1,299
Location
Twin Falls, Eye-Duh-Hoe
We can only hope the perp didn't load some malware on your computer that would allow further tricks. With our travels, we are careful not to access any financial sites unless we have a secure connection. Sometimes I wonder how 'secure' secure is, but so far we have been lucky.

New rule henceforth: No accessing any passworded sites from public networks.

Thanks Von, for bringing this necessary warning to us in a way that gets our undivided attention.

Jim
 

dioxide45

TUG Review Crew: Expert
TUG Lifetime Member
Joined
May 20, 2006
Messages
48,387
Reaction score
19,848
Points
1,399
Location
NE Florida
Resorts Owned
Marriott Grande Vista
Marriott Harbour Lake
Sheraton Vistana Villages
Club Wyndham CWA
My DH said there is software out that that hackers can use to actually access people who are online via an unsecured connection, that allows them (the hacker) to see everything on their screen that I would have been seeing and doing online.

The only password ID connections I accessed from the hotel were my T/SVon AOL account and the two travel sites (IgoUgo & TripAdvisor).

My guess is however that these user IDs and passwords were being transmitted without any encryption and they were able to capture them form their movement over the network rather than seeing what was on your screen. They would have to have been able to install something on your system to capture key strokes. The fact that they were able to easily capture would make me think that they were just monitoring the data traffic over the networkn and captured it that way rather than hacking directly in to your system.
 

Timeshare Von

TUG Review Crew: Expert
TUG Member
Joined
Mar 13, 2006
Messages
7,081
Reaction score
1,759
Points
599
Location
Milwaukee, WI
Resorts Owned
Wyndham (77k points at Myrtle Beach/Westwinds)
We can only hope the perp didn't load some malware on your computer that would allow further tricks. With our travels, we are careful not to access any financial sites unless we have a secure connection. Sometimes I wonder how 'secure' secure is, but so far we have been lucky.

New rule henceforth: No accessing any passworded sites from public networks.

Thanks Von, for bringing this necessary warning to us in a way that gets our undivided attention.

Jim

Happy to share ALL of my travel adventures . . . the bad with the good :)

My DH has gone through my netbook and there was nothing there in terms of malware, viruses, etc. so that was good news.
 

pjrose

TUG Review Crew: Veteran
TUG Member
Joined
Oct 28, 2005
Messages
8,739
Reaction score
15
Points
473
Location
Central PA USA
How do we know if it's a secure vs not secure connection?

Would an Airport qualify as a router? It'd be password protected, but once the info leaves the Airport or other router and gets into the wider wireless system, isn't it fair game for hackers at that point?
 

zinger1457

Guest
Joined
Aug 21, 2005
Messages
695
Reaction score
45
Points
338
How do we know if it's a secure vs not secure connection?

Would an Airport qualify as a router? It'd be password protected, but once the info leaves the Airport or other router and gets into the wider wireless system, isn't it fair game for hackers at that point?

The only way the wireless connection would be secure is if they use some type of encryption like WPA2 which is extremely rare for a public hot spot. Just requiring a passcode means little, it does not provide encryption, just limits who can access it. Once your connection hits the airport wireless router it should at that point travel the Internet over wired connections.

A good app to use for web browsers is a password manager like LastPass. It won't protect you in all cases but will help if a keyboard logger is being used on your system.
 
Last edited:

Timeshare Von

TUG Review Crew: Expert
TUG Member
Joined
Mar 13, 2006
Messages
7,081
Reaction score
1,759
Points
599
Location
Milwaukee, WI
Resorts Owned
Wyndham (77k points at Myrtle Beach/Westwinds)
Based on our reconstruction of the issue, it appears the hacker was using a Firefox add-on called "FireSheep" that allows shadowing of users on an open WiFi network. It does not monitor or collect key strokes.
 

BoaterMike

TUG Member
Joined
May 1, 2010
Messages
637
Reaction score
1
Points
228
Location
St. Louis, MO, Gettysburg, PA
Resorts Owned
Royal Caribbean, Royal Haciendas, Marriott Grand Chateau,
BoaterMike,

Which personal vpn do you use?

I had been using cyberghost but switched to HMA (hide my ass). I changed to HMA at the time because of the combination of ease of use and value. There may be others equal or better, as I have not made a comparison since last Fall.

I may be making a change again this year if there is a reliable vpn that has both Windows and Android versions for one fee.

Mike
 

eakhat

TUG Member
Joined
Feb 6, 2008
Messages
200
Reaction score
3
Points
378
Location
Ham Lake, MN
It's a good reminder of what can happen. Thanks for sharing your experience.

We also had something happen to us when we were using our laptop at a timeshare resort in Orlando. Someone hacked in and took over our computer. I think they wanted us to buy the software to get ride of "the virus." We checked with a local place on the cost to have it professionally taken care of. It was very expensive, and they said we could probably lose information stored on the computer. My son, who is a computer techie, recommended we download free software from MalwareBytes, and that did the trick. We are much more cautious when we use our computer when we travel. After reading this blog, we'll spend the money for an encription software.
 

hypnotiq

TUG Member
Joined
Feb 11, 2011
Messages
1,359
Reaction score
66
Points
258
Location
Redmond, WA
Its simple. Don't do anything important on unsecure wireless. There are so many ways to capture user data, its not even funny, not to mention accessing the file system of any machine that is on that unsecured wireless.

"Free" internet comes at a price. :ignore:
 

SmithOp

TUG Review Crew
TUG Member
Joined
Jun 17, 2010
Messages
7,735
Reaction score
3,532
Points
499
Location
Huntington Beach, CA
Resorts Owned
HGVC King's Land 2BR Premier 23.040K Points.
What did they have to gain? Other than to cause havoc?

You might be surprised at how many people the the same password on many sites, and also keep copies of the registration emails.

Down
 

Timeshare Von

TUG Review Crew: Expert
TUG Member
Joined
Mar 13, 2006
Messages
7,081
Reaction score
1,759
Points
599
Location
Milwaukee, WI
Resorts Owned
Wyndham (77k points at Myrtle Beach/Westwinds)
Its simple. Don't do anything important on unsecure wireless. There are so many ways to capture user data, its not even funny, not to mention accessing the file system of any machine that is on that unsecured wireless.

"Free" internet comes at a price. :ignore:

Understood. Unfortunately nothing I was doing was "important". But the hassle it created has been frustrating never-the-less.

I have regained control of my TripAdvisor account thanks to their tech folks . . . and I believe everything has been restored back to pre-hack status.
 
Top