- Get link
- Other Apps
A Spanish company has exposed 24GB of personal data of millions of Booking, Expedia and other booking portals
Prestige Software, a Spanish company (with offices in Madrid and Barcelona) that offers a platform for hotels, called Cloud Hospitality, that automates the availability of your reservations on portals such as Booking.com, Expedia, Amadeus or Hotels.com, has just been identified as guilty of a serious data breach that affects customers all over the world.
Researchers at WebSite Planet discovered the existence of an AWS bucket that, due to misconfiguration, allowed public access to 34.6 GB of datas that it contained without requiring any security authentication.
Capture of the website of the Spanish company involved.
And among those data were more than 10 million hotel reservation records created during the last 7 years.
Millions of potential victims of the data breach
These records in turn contained both personal and financial data: full names, email addresses, IDs, telephone numbers and, in many cases, also credit card information.
In the words of Mark Holden, a researcher at Website Planet:
"Millions of people have potentially been exposed by this data breach, worldwide. We cannot guarantee that someone did not access the AWS S3 bucket and steal the data before we found it.
"[Es cierto que] So far, there is no evidence that this has happened. But if there were to be, there would be huge implications for the privacy, security and financial well-being of the people whose data was exposed. "
Indeed, these people would be exposed to malicious changes to your reservations, to phishing attacks and identity fraud.
Similarly, Prestige Software (which, according to Website Planet, acknowledged being the owner of the bucket and solved the misconfiguration the day after receiving the notice) is now exposed to lawsuits by both those affected and the European institutions, as very heavy fines for breach of GDPR.
Via | InfoSecurity Magazine
Image | William Warby & Chameleon Design