Hotels.com, Booking.com and Expedia exposed Millions of Travelers data due to data party data breach
Cybersecurity specialists report that Prestige Software has accidentally exposed the records of millions of users of platforms such as Hotels.com, Booking.com and Expedia, whose data is stored in an open cloud.
Cloud Hospitality, the committed platform, is responsible for automating the Internet-based booking processes of Prestige Software partner companies.
Previous reports had already pointed to the reduced security with which the Spanish-based company operates, which uses Amazon Web Services (AWS) infrastructure to carry out its activities. This is a serious incident due to the nature of the information operated by the accommodation service companies.
The world’s leading online hotel services are subject to massive hacking incidents and high-profile attacks to steal sensitive information. The compromised databases appear to contain full names, addresses, credit card information, national identification numbers, and other sensitive details.
The report, prepared by Website Planet, mentions that the logs were discovered after the detection of various AWS deployment failures, which could have affected up to 10 million users. This database, equivalent to about 25 GB, was exposed to any user who knows how to find it: “The database can be hacked by any malicious user with minimal knowledge of cloud storage,” the researchers note.
At the moment it is impossible to know exactly how many users have been affected by this incident, and it is also unknown whether the threat actors who have accessed this information used exploiting security vulnerabilities in Prestige Software systems. However, specialists mention that once users of these platforms record their personal data, this information is automatically uploaded to the Cloud Hospitality subscription to the AWS bucket, which could mean that the information of all users on this platform could have been compromised.