The breach will impact a "portion" of TripAdvisor's membership, who could receive unsolicited emails as a result. The website confirms no password or financial information was taken.
In a statement on its website, TripAdvisor said, "We discovered that an unauthorised third party has recently stolen part of TripAdvisor's member email list. [...] We have identified the vulnerability, shut it down and are vigorously pursuing the matter with law enforcement."
Ross Brewer, vice-president and managing director for international markets at LogRhythm, says hackers exploited a vulnerability to gain access to its database. "The regularity of these types of incident suggests traditional approaches to IT security are no longer fit for purpose," he said.
Paul Ducklin, head of technology at Sophos, said in a blog post, email addresses are the "least worrying part of your online persona to lose".
"This is an embarrassing breach rather than a dangerous one," he said.
A number of Play.com customers recently received spam, following a security breach on its website.
"If you use email for direct marketing purposes, do not let yourself get caught out like Play.com or TripAdvisor. Whether you lose email lists from your own servers or through a third-party marketing company is irrelevant - it is your brand which suffers. Even if you only lose email addresses, it is a poor advertisement for your business," said Ducklin.
This story was first published by Computer Weekly