[Important Notice from WeBase Hakata] (Follow-up) Apology and Information Regarding Messages Leading to Phishing Sites
We deeply apologize for the significant inconvenience and concern caused by the distribution of messages that directed some guests who made reservations at “WeBase Hakata” through an online travel agent to phishing sites.
Following the announcement made on August 14, 2024, titled “[Important Notice] Apology and Notice,” we would like to report the facts revealed through further investigation, as follows.
Notice dated August 14, 2024
https://we-base.jp/hakata/en/news/10796/
1, Incident Summary
On August 11, 2024, it was confirmed that some guests who had made reservations at “WeBase Hakata” through an online travel agent received messages directing them to phishing sites. There is a possibility that third parties accessed guests’ anonymous email addresses specific to the online travel agent stored in our management system. On the same day, we requested the online travel agent to invalidate the fraudulent URLs sent to customers. Additionally, we sent a message (in both Japanese and English) to affected guests, apologizing and advising them not to click on the fraudulent URLs. Furthermore, we implemented password changes and security checks on computers at all WeBase facilities. We have confirmed that no unauthorized access occurred at other facilities or within the online travel agent’s main system.
2, Details of the Incident
(1) Affected Customers:
Guests who made reservations at “WeBase Hakata” through an online travel agent.
(2) Number of Items of Potentially Leaked Personal Information:
244 anonymous email addresses specific to the online travel agent, belonging to guests who reserved at “WeBase Hakata.”
(3) Potentially Leaked Personal Information:
Anonymous email addresses specific to the online travel agent.
※ No other personal information such as name, address, phone number, email address, nationality, credit card information, or banking details has been affected.
(4) Cause:
After investigation, it was determined that a website controller used by our company, which manages multiple reservation sites including the online travel agent, was subject to unauthorized access. As a result, a CSV file was downloaded containing the email addresses of guests who booked or modified reservations via the online travel agent and whose check-in and check-out dates fall between August 9, 2024, and July 18, 2025. However, the reservation management system provided by the online travel agent used by our company was not breached.
(5) Whether There Are Secondary Damages or Risks:
As of the time of this notice, no reports of financial damage have been received.
3, Future Measures and Recurrence Prevention
Based on the results of the investigation, we have implemented various measures, including the introduction of new security features in the reservation management system provided by the online travel agent, a clean installation of computers, strengthened employee training, and a request to the website controller operator to implement two-factor authentication (scheduled to be introduced on September 10, 2024). We will continue to enhance our security measures moving forward.
4, Request to Customers
If you receive a suspicious message, we ask that you refrain from clicking any attached URLs. If the content of the message is unfamiliar, please contact us.
We sincerely apologize for the significant inconvenience and concern caused to our customers.
Sincerely,
WeBase HAKATA
Note:
A “phishing site” is a fake website that impersonates a legitimate one to fraudulently collect personal information, such as credit card numbers.