Hotel Booking Firm Leaks Data on Millions of Guests

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,057
A hotel software provider has exposed the personal data of millions of guests around the world after misconfiguring an AWS bucket, according to a new report from Website Planet.

The tech site’s security team discovered an exposed cloud database belonging to Spanish developer Prestige Software, whose platform enables hotels to automate their availability on booking websites like Expedia.

The misconfigured S3 bucket contained over 10 million individual log files, dating back to 2013. Website Planet researcher, Mark Holden, warned that the total number of affected individuals could be even greater than this, as some logs contained personally identifiable information (PII) for multiple members of a single booking.

Among the leaked data were full names, email addresses, national ID numbers and the phone numbers of hotel guests. For hundreds of thousands of individuals card booking details including card number, cardholder’s name, CVV and expiration date were also exposed.
“Millions of people were potentially exposed in the data breach, from all over the world. We can’t guarantee that somebody hasn’t already accessed the S3 bucket and stolen the data before we found it,” argued Holden.
“So far, there is no evidence of this happening. However, if it did, there would be enormous implications for the privacy, security and financial wellbeing of those exposed.”
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top