Data on millions of hotel guests exposed in cloud storage leak

Data on millions of hotel guests exposed in cloud storage leak

The cache of data sitting wide open on a server included full names, national ID numbers and credit card data



A wide range of sensitive information of millions of hotel guests has been discovered sitting on an unsecured server and accessible for anyone to view. The data was stored on a misconfigured Amazon Web Services (AWS) S3 bucket belonging to Prestige Software, a Spain-based company that sells hotel reservation management software.


The leak, reported by Website Planet, originated from the Spanish company’s Cloud Hospitality channel management software, which is used by hotels to automate the status of their vacancies on various booking websites. Since the platform is used to connect with the reservation websites, some of the data came from popular online travel agencies, such as Expedia, Booking.com, and Agoda, although they cannot be faulted for the data exposure.


RELATED READING: Five tips for keeping your database secure


The data comprised over 10 million log files, including information going as far back as 2013. The treasure trove consisted of a range of Personally Identifiable Information (PII), such as guests’ full names, national ID numbers, email addresses, phone numbers, as well as details such as the reservation number, dates, number of guests and their names and the price paid. Moreover, the S3 bucket also contained valuable financial data such as credit card numbers, the cardholder’s name, credit card verification codes (CVV), and expiration date.


Website Planet also confirmed the veracity of the data by checking that a sample of the leaked email addresses belonged to real people. While currently there is no evidence of any thr ..

Support the originator by clicking the read the rest link below.