July 31, 2020


Hotel reservation platform leaks data on millions of guests


Prestige Software’s data leak dates back as far as 2013

Hotel reservation platform Prestige Software has exposed the personal data of millions of hotel guests worldwide, after misconfiguring an AWS S3 bucket.

That’s according to a new report by Website Planet, which claims that the leaked information dates back as far as 2013 and includes details like customer names, ID numbers and credit card information.

Prestige Software is based in Spain and sells a channel manager called Cloud Hospitality, which allows hotels to integrate their reservation systems with online booking websites like Booking.com and Expedia.

According to Website Planet, Prestige Software was storing data on hotel guests and travel agents for many years without any protections in place.

Mark Holden, Website Planet researcher, said that the misconfigured AWS bucket contained over 10 million individual log files - more than 24.4 GB worth of data. Over 180,000 records from August 2020 alone were found in the bucket.

The information exposed included personally identifiable information (PII) such as guest names, ID numbers, addresses and phone numbers. For thousands of guests, payment card details were also leaked, including their names, payment card number and card expiration details.

Holden said that more than 10 million people could be affected in the data breach, as some log files representing a single booking contained data for multiple individuals.

The S3 bucket appeared to contain data originating from many renowned sources, including Booking.com, Hotels.com, Expedia, Amadeus, Agoda, Hotelbeds, Sabre and Omnibees, among others.

It’s not yet clear for how long the data was left unsecured on the internet, or if a cybercrime group discovered the exposed database online and copied it to their own systems.

Website Planet says their experts notified AWS directly so that it could address the leak itself, without any delay. AWS confirmed it had plugged the security hole the next day.

Rich Vibert, CEO and Co-founder at Metomic, commented: “The news that Prestige Software has been exposing the sensitive data of millions of hotel guests since 2013 is the latest in a long line of disappointing data practices by large-scale organisations.

“It is simply unacceptable that the company opened its customers up to identity theft, fraud and phishing attacks. But it’s also frustrating that this could have been easily and affordably avoided by embracing a privacy-first culture. For example, introducing technology to detect and tokenise the personal identifiable information they exposed so it would have been unreadable.

“Companies need to stop thinking of privacy as a legal and contractual check-box. Instead, they must see it as a means for eradicating data breaches so they can maintain customer trust and have the power of data, without the risk.”
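An added example, not part of the original article or any vendor's code: one way the detect-and-tokenise step mentioned above could be applied to booking log lines before they are stored, so that a later bucket exposure reveals tokens rather than card numbers or guest details. The log format, field names, key and sample values are constructed assumptions.

```python
import hashlib
import hmac
import re

# Assumption: the real key lives in a secrets manager, not next to the logs.
TOKEN_KEY = b"constructed-demo-key"

# Constructed log format: key="value" fields, plus card numbers anywhere in the line.
SENSITIVE = re.compile(
    r'\b(?P<key>guest_name|id_number|phone|card_expiry)="(?P<val>[^"]*)"'
    r"|(?<!\d)(?P<pan>\d(?:[ -]?\d){12,18})(?!\d)"
)


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: separates card numbers from other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def tokenise(kind: str, value: str) -> str:
    """Keyed and deterministic: equal inputs give equal tokens, so logs stay joinable."""
    mac = hmac.new(TOKEN_KEY, f"{kind}:{value}".encode(), hashlib.sha256)
    return f"tok_{kind}_{mac.hexdigest()[:16]}"


def _replace(m: re.Match) -> str:
    if m.group("key"):
        return f'{m.group("key")}="{tokenise(m.group("key"), m.group("val"))}"'
    digits = re.sub(r"[ -]", "", m.group("pan"))
    # A digit run that fails Luhn (a booking reference, say) is left alone.
    return tokenise("pan", digits) if luhn_valid(digits) else m.group(0)


def scrub_line(line: str) -> str:
    """Tokenise sensitive fields and Luhn-valid card numbers before the line is stored."""
    return SENSITIVE.sub(_replace, line)


# Constructed sample line; 4111... is the standard Visa test number.
SAMPLE = ('2020-08-14T10:02:11Z booking ref=8841270093615 guest_name="Ana Example" '
          'id_number="X1234567T" card=4111-1111-1111-1111 card_expiry="12/23"')

if __name__ == "__main__":
    print(scrub_line(SAMPLE))
```

Because the tokens are keyed HMACs rather than plain hashes, someone who obtains the logs cannot recover card numbers by hashing the limited space of valid numbers unless they also hold the key.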

Author: devz123@gmail.com(Dev Kundaliya)

Date: 2020-11-10

URL: https://www.computing.co.uk/news/4023007/hotel-reservation-platform-data-breach

computing.co.uk
