Cybercriminals took advantage of an open MongoDB database containing data from Choice Hotels and stole 700,000 customer records and then demanded a $3,800 ransom payment for their return.
The unsecured third-party database was first uncovered by Comparitech and security researcher Bob Diachenko, but despite quick action on their part informing Choice of the problem, malicious actors also found the database and removed the data and left a ransom note demanding 0.4 Bitcoin, or about $3,856. The database actually contained 5.6 million records, but Comparitech reported that Choice said the vast majority were test data.
However, 700,000 were true records containing customer names, email addresses, and phone numbers.
Choice told Comparitech it will no longer work with the third-part vendor, which left it fully open not requiring either a password or other authentication method required to view the contents.
The database was first indexed on June 30 by the BinaryEdge search engine. Diachenko then discovered it on July 2 and he emailed Choice hotels about the issue. The server was secured on July 2, although not due to Diachenko’s action as the hotel said his email was filtered out and no ..
Support the originator by clicking the read the rest link below.
