The list of online booking sites affected by the breach includes some of the top industry giants including Booking.com.
A Barcelona, Spain-based software firm called Prestige Software has been caught exposing sensitive, private, and financial data of millions of customers around the globe.
In particular, customers from Booking.com, Expedia, Agoda, Amadeus, Hotels.com, Hotelbeds, Omnibees, Sabre, and several others are among the unsuspected victims of the data breach.
The exposed database was originally identified by researchers at Website Planet who noticed a misconfigured AWS S3 bucket owned by Prestige Software was left open for public access without any security authentication.
The researchers analyzed the bucket and concluded that it contained 24.4 GB worth of data totaling more than 10 million files.
It is worth noting that Prestige Software provides a channel management platform called Cloud Hospitality to hotels that handle and automate room availability on top booking sites.
See: Hackers steal sensitive data from Japanese search engine for sex hotels
In this case, the software firm was storing credit card data of travel agents and hotel customers without any security measures. As a result, personal and financial data of customers dating as far back as 2013 was exposed online.
According to a report compiled by Mark Holden from Website Planet, the exposed data belonged to hotel guests and contained the following:
Full namesNIC numbersEmail addressesPhone numbersHotel reservation numberDate and duration of stayCredit card numbers including owner’s name, CVV code, and card expiration date.
We didn’t review all the files exposed in the S ..
Support the originator by clicking the read the rest link below.
