The Broadband Guide
SG
search advanced
 Username:
 Password:
Register
 forgot password?

Hotel booking firm exposes data on millions of guests

2020-11-09 14:01 by

 

Prestige Software, a hotel reservation platform used by Hotels.com, Booking.com, and Expedia, left data belonging to "millions" of guests exposed on a misconfigured Amazon Web Services (AWS) S3 bucket. Each of the records exposed sensitive and personally identifiable information (PII), including names, email addresses, national ID numbers, phone numbers, reservation information, and credit card details, including CVV and expiration date.

The leak was originally identified by researchers at Website Planet after spotting a misconfigured AWS S3 bucket that could be accessed by the public without any security authentication. Upon further analysis, the researchers found that the data belonged to the Barcelona-based software firm that was storing credit card data of travel agents and hotel customers without any security measures, thereby exposing personal and financial data of customers dating as far back as 2013.

The exposed data appears to contain booking and sensitive information from many well-known online booking services, including:

Agoda
Amadeus
Booking.com
Expedia
Hotels.com
Hotelbeds
Omnibees
Sabre
..and many more

It's not certain how long the data was left open, or if anyone took the data. Website Planet said the hole was closed a day after telling AWS about the exposure. Prestige confirmed that it owned the data.

Based on the payment information that has been exposed in this particular leak, it appears that Prestige Software has failed to comply with the Payment Card Industry Data Security Standard. This could result in the firm having their ability to process payment information revoked.

Read more at WebsitePlanet -here-

 

  Post your review/comments
    rate:
   avg:
News Glossary of Terms FAQs Polls Cool Links SpeedGuide Teams SG Premium Services SG Gear Store
Registry Tweaks Broadband Tools Downloads/Patches Broadband Hardware SG Ports Database Security Default Passwords User Stories
Broadband Routers Wireless Firewalls / VPNs Software Hardware User Reviews
Broadband Security Editorials General User Articles Quick Reference
Broadband Forums General Discussions
Advertising Awards Link to us Server Statistics Helping SG About